After you’ve upgraded to Magento version 1.9.3.4 have you noticed that your check out just sits on billing information and doesn’t proceed to the shipping options? Apparently, the Magento team discovered a security issue and added form key validation on check out.
What are form keys?
Form keys help prevent Cross Site Request Forgery attacks on Magento forms. Cross Site Request Forgery is the attempt of submitting malicious form information from one website to another. (In lamen’s terms) Form keys are a way for a website to validate that the form submission is being sent within itself. In the Magento world, in order to create any custom forms, they must have a form key. If not, the Magento action controller will not respond.
How do I fix it?
Well, there are 3 options to resolve this issue.
- Remove app/design/frontend/(Your custom package)/(Your custom theme)/template/persistent & app/design/frontend/(Your custom package)/(Your custom theme)/template/checkout
- If your check out was heavily modified, you can add the form key validation to your theme. Right before the ending form tag of the billing form and the payment form, place the code
<?php echo $this->getBlockHtml('formkey') ?> - Disable form key checks on checkout. [alert type=”danger”]I Highly do not recommend this option[/alert]
It’s understandable that this will result in lost revenue. If you have to keep your online store running and cannot wait for a web developer to resolve the issue. Navigate to System -> Configuration. On the left column, scroll all the way down to Advanced -> Admin. In the collapse, select security and set “Enable Form Key Validation On Checkout” to No.
That should solve your issue. Please do leave a comment if you have any questions. Thanks
