Jump to content

- - - - -

"Secure Key" and "nopermission" Errors

Many functions of IP.Board make use of a token to prevent cross-site request forgeries.

A "Cross-site request forgery" (often abbreviated to CSRF) is a type of malicious website exploit whereby unauthorized commands are transmitted from a user that the website trusts.
For example, a malicious user might trick a moderator into clicking a link that would redirect them to your community and delete a thread.

To prevent this, IP.Board generates a secret "token" comprised of a random series of characters on pages that perform such actions, when the action is performed, IP.Board checks that the token provided was valid and correct.
If this check fails, you will receive an error message. This may be in the form of an error screen, or you may get a popup message saying "nopermission". Depending on the type of action being attempted, the administrator may have been notified.
These errors of course, should theoretically never occur. There are situations where if you open two pages with actions, two keys will be generated and the check may therefore fail. If this happens, simply go back, refresh the page and then submit the action again.
If the problem persists, then you should contact technical support.


Developer Docs · Error Codes