Overview
If you made some changes to the template such as inserting a script within it, you may receive the error "Security Checks Failed, Possible CSRF Attempt" when trying to make changes to your Help Center such as editing or modifying the articles. This article shares the process to resolve this 'Cross-site request forgery' error.
Diagnosis
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts. [source: Wikipedia.org]
In Kayako, this error may appear due to the changes made in the Templates. If you have edited your templates and added a code intended for DOM (Document Object Model) element replacements such as the sample Javascript below, this error may appear.
<script language="Javascript" type="text/javascript">
document.body.innerHTML = document.body.innerHTML.replace('You may have to request access from the person who sent you the link.', 'This is the changed text');
</script>
This kind of replacements breaks the DOM object and will cause Kayako to detect this as a Cross-site request forgery.
Prerequisites
- To customize or modify your Kayako Help Center template, you will need an administrator account with the 'Manage channels' permission.
- Working knowledge of the API.
- This article also assumes you have a basic understanding of the following to make properties changes:
- Javascript
- DOM Elements (Document Object Model Elements)
Solution
You will need to restore the template that was modified. One option is using the “Revert to default” button in the Templates editor.
-
Sign in to Kayako and go to the Help Center.
-
Click the Customize button on the upper toolbar.
-
On the customization pane, click the Customize templates heading.
-
From the Templates drop-down, select the template you would like to restore.
-
Once you have selected a template, click the 'Revert to default' button.
- When you receive the prompt, click 'Yes! Revert to default'.
If this is not possible to use the 'Revert to default' button (like the button is not clickable or grayed out), you will have to restore the template via API:
NOTE: You may use any API client (e.g., the Postman tool).
-
Launch your API client.
-
Use the PUT method to restore the template.
- Example: The following call will restore the footer template. Build the URL according to the template you wish to restore.
PUT https://YOURDOMAIN.kayako.com/api/v1/brands/1/templates/helpcenter_footer/restore.json
- In this example, take note of the following information:
- YOURDOMAIN should be replaced by your actual Kayako domain.
- The brands/1/ is the default brand where "1" is the brand ID. You can change the brand number if you are restoring a template for another brand. To get the brand ID, please refer to this developer documentation.
- Example: The following call will restore the footer template. Build the URL according to the template you wish to restore.
-
Select 'Basic Auth' in the Authorization tab and send the request.
Confirmation
Once you send the request, the "status": 200 will be returned if the call is successful. Then, your template will be restored and the error will no longer appear.