Error 403 Forbidden

GET https://uat-dam.dabur.com/admin/element/unlock-elements?csrfToken=6a868d050f06aa2c169e15f2f73bdcc069166ffd

Browse referrer URL
IP
10.230.0.150
Profiled on
Token
a1c71e

ErrorController

Request

GET Parameters

Key Value
csrfToken 
"6a868d050f06aa2c169e15f2f73bdcc069166ffd"

POST Parameters

No POST parameters

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_controller 
"error_controller"
_pimcore_context 
"admin"
exception 
Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException {#1862
  #message: "Detected CSRF Attack! Do not do evil things with pimcore ... ;-)"
  #code: 0
  #file: "/var/www/html/dam-portal/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php"
  #line: 60
  -statusCode: 403
  -headers: []
  trace: {
    /var/www/html/dam-portal/vendor/pimcore/admin-ui-classic-bundle/src/Security/CsrfProtectionHandler.php:60 {
      Pimcore\Bundle\AdminBundle\Security\CsrfProtectionHandler->checkCsrfToken(Request $request): void …
      › 
      ›     throw new AccessDeniedHttpException('Detected CSRF Attack! Do not do evil things with pimcore ... ;-)');}
    }
    /var/www/html/dam-portal/vendor/pimcore/admin-ui-classic-bundle/src/EventListener/CsrfProtectionListener.php:78 {
      Pimcore\Bundle\AdminBundle\EventListener\CsrfProtectionListener->handleRequest(RequestEvent $event): void …
      › 
      ›     $this->csrfProtectionHandler->checkCsrfToken($request);}
    }
    /var/www/html/dam-portal/vendor/symfony/event-dispatcher/EventDispatcher.php:260 {
      Symfony\Component\EventDispatcher\EventDispatcher::Symfony\Component\EventDispatcher\{closure} …
      ›     }    ($closure = $listener(...))(...$args);};
    }
    /var/www/html/dam-portal/vendor/symfony/event-dispatcher/EventDispatcher.php:220 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/html/dam-portal/vendor/symfony/event-dispatcher/EventDispatcher.php:56 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, ?string $eventName = null): object …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/html/dam-portal/vendor/symfony/http-kernel/HttpKernel.php:157 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/html/dam-portal/vendor/symfony/http-kernel/HttpKernel.php:76 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true): Response …
      › try {    return $response = $this->handleRaw($request, $type);} catch (\Throwable $e) {
    }
    /var/www/html/dam-portal/vendor/symfony/http-kernel/Kernel.php:197 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true): Response …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/html/dam-portal/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35 {
      Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run(): int …
      › {    $response = $this->kernel->handle($this->request);}
    /var/www/html/dam-portal/vendor/autoload_runtime.php:29 {
      require_once …
      ›         ->getRunner($app)        ->run());
    }
    /var/www/html/dam-portal/public/index.php:19 {define('PHPSECLIB_ALLOW_JIT', false);require_once dirname(__DIR__).'/vendor/autoload_runtime.php';arguments: {
        "/var/www/html/dam-portal/vendor/autoload_runtime.php"
      }
    }
  }
}
logger 
null

Request Headers

Header Value
accept 
"*/*"
accept-encoding 
"gzip, deflate, br, zstd"
accept-language 
"en-US,en;q=0.9"
connection 
"keep-alive"
content-length 
"43"
content-type 
"text/plain;charset=UTF-8"
cookie 
"_pc_vis=8afbdf7db9c32b3e; _fbp=fb.1.1752259950678.813231013190914335; _ga=GA1.2.980877821.1752259951; _ga_4903VYBC0Z=GS2.1.s1753966923$o28$g0$t1753966923$j60$l0$h0; _pc_ses=1754054421316; PHPSESSID=pmogd13cms3t3nod5omauf43ke"
host 
"uat-dam.dabur.com"
origin 
"https://uat-dam.dabur.com"
referer 
"https://uat-dam.dabur.com/admin/"
sec-ch-ua 
""Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138""
sec-ch-ua-mobile 
"?0"
sec-ch-ua-platform 
""Windows""
sec-fetch-dest 
"empty"
sec-fetch-mode 
"no-cors"
sec-fetch-site 
"same-origin"
user-agent 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
x-php-ob-level 
"1"

Request Content

Raw

{"elements":[{"id":"384","type":"object"}]}

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Sat, 02 Aug 2025 11:41:06 GMT"
vary 
"Accept"
x-debug-token 
"a1c71e"

Cookies

Request Cookies

Key Value
PHPSESSID 
"pmogd13cms3t3nod5omauf43ke"
_fbp 
"fb.1.1752259950678.813231013190914335"
_ga 
"GA1.2.980877821.1752259951"
_ga_4903VYBC0Z 
"GS2.1.s1753966923$o28$g0$t1753966923$j60$l0$h0"
_pc_ses 
"1754054421316"
_pc_vis 
"8afbdf7db9c32b3e"

Response Cookies

No response cookies

Session

Session Metadata

Key Value
Created 
"Sat, 02 Aug 25 11:41:05 +0000"
Last used 
"Sat, 02 Aug 25 11:41:06 +0000"
Lifetime 
0

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_DEBUG 
"0"
APP_ENV 
"dev"
PIMCORE_DEV_MODE 
"false"

Defined as regular env variables

Key Value
CONTENT_LENGTH 
"43"
CONTENT_TYPE 
"text/plain;charset=UTF-8"
CONTEXT_DOCUMENT_ROOT 
"/var/www/html/dam-portal/public"
CONTEXT_PREFIX 
""
DOCTRINE_DEPRECATIONS 
"trigger"
DOCUMENT_ROOT 
"/var/www/html/dam-portal/public"
GATEWAY_INTERFACE 
"CGI/1.1"
HTTPS 
"on"
HTTP_ACCEPT 
"*/*"
HTTP_ACCEPT_ENCODING 
"gzip, deflate, br, zstd"
HTTP_ACCEPT_LANGUAGE 
"en-US,en;q=0.9"
HTTP_CONNECTION 
"keep-alive"
HTTP_COOKIE 
"_pc_vis=8afbdf7db9c32b3e; _fbp=fb.1.1752259950678.813231013190914335; _ga=GA1.2.980877821.1752259951; _ga_4903VYBC0Z=GS2.1.s1753966923$o28$g0$t1753966923$j60$l0$h0; _pc_ses=1754054421316; PHPSESSID=pmogd13cms3t3nod5omauf43ke"
HTTP_HOST 
"uat-dam.dabur.com"
HTTP_ORIGIN 
"https://uat-dam.dabur.com"
HTTP_REFERER 
"https://uat-dam.dabur.com/admin/"
HTTP_SEC_CH_UA 
""Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138""
HTTP_SEC_CH_UA_MOBILE 
"?0"
HTTP_SEC_CH_UA_PLATFORM 
""Windows""
HTTP_SEC_FETCH_DEST 
"empty"
HTTP_SEC_FETCH_MODE 
"no-cors"
HTTP_SEC_FETCH_SITE 
"same-origin"
HTTP_USER_AGENT 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"csrfToken=6a868d050f06aa2c169e15f2f73bdcc069166ffd"
REDIRECT_HTTPS 
"on"
REDIRECT_QUERY_STRING 
"csrfToken=6a868d050f06aa2c169e15f2f73bdcc069166ffd"
REDIRECT_SSL_TLS_SNI 
"uat-dam.dabur.com"
REDIRECT_STATIC_PAGE_URI 
"/%home"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/admin/element/unlock-elements"
REMOTE_ADDR 
"10.230.0.150"
REMOTE_PORT 
"55764"
REQUEST_METHOD 
"GET"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1754134866
REQUEST_TIME_FLOAT 
1754134866.3354
REQUEST_URI 
"/admin/element/unlock-elements?csrfToken=6a868d050f06aa2c169e15f2f73bdcc069166ffd"
SCRIPT_FILENAME 
"/var/www/html/dam-portal/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"172.19.136.170"
SERVER_ADMIN 
"zorawarsingh.nandwal@iqvia.com"
SERVER_NAME 
"uat-dam.dabur.com"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
"<address>Apache/2.4.52 (Ubuntu) Server at uat-dam.dabur.com Port 443</address>\n"
SERVER_SOFTWARE 
"Apache/2.4.52 (Ubuntu)"
SSL_CIPHER 
"TLS_AES_128_GCM_SHA256"
SSL_CIPHER_ALGKEYSIZE 
"128"
SSL_CIPHER_EXPORT 
"false"
SSL_CIPHER_USEKEYSIZE 
"128"
SSL_CLIENT_VERIFY 
"NONE"
SSL_COMPRESS_METHOD 
"NULL"
SSL_PROTOCOL 
"TLSv1.3"
SSL_SECURE_RENEG 
"false"
SSL_SERVER_A_KEY 
"rsaEncryption"
SSL_SERVER_A_SIG 
"sha256WithRSAEncryption"
SSL_SERVER_I_DN 
"CN=GeoTrust TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US"
SSL_SERVER_I_DN_C 
"US"
SSL_SERVER_I_DN_CN 
"GeoTrust TLS RSA CA G1"
SSL_SERVER_I_DN_O 
"DigiCert Inc"
SSL_SERVER_I_DN_OU 
"www.digicert.com"
SSL_SERVER_M_SERIAL 
"04CF848170DEC33407AAB5A0FE90CA37"
SSL_SERVER_M_VERSION 
"3"
SSL_SERVER_SAN_DNS_0 
"uat-dam.dabur.com"
SSL_SERVER_S_DN 
"CN=uat-dam.dabur.com,O=Dabur India Limited,L=Ghaziabad,ST=Uttar Pradesh,C=IN"
SSL_SERVER_S_DN_C 
"IN"
SSL_SERVER_S_DN_CN 
"uat-dam.dabur.com"
SSL_SERVER_S_DN_L 
"Ghaziabad"
SSL_SERVER_S_DN_O 
"Dabur India Limited"
SSL_SERVER_S_DN_ST 
"Uttar Pradesh"
SSL_SERVER_V_END 
"Jun 19 23:59:59 2026 GMT"
SSL_SERVER_V_START 
"Jun 20 00:00:00 2025 GMT"
SSL_SESSION_ID 
"389b020b661d2e10f97c07a4676a10b0518fa7beb7c0bfcc7d51a8faa6c967e5"
SSL_SESSION_RESUMED 
"Resumed"
SSL_TLS_SNI 
"uat-dam.dabur.com"
SSL_VERSION_INTERFACE 
"mod_ssl/2.4.52"
SSL_VERSION_LIBRARY 
"OpenSSL/3.0.2"
STATIC_PAGE_URI 
"/%home"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_DEBUG,PIMCORE_DEV_MODE"

Parent Request

Return to parent request (token = f9f355)

Key Value
_controller 
"Pimcore\Bundle\AdminBundle\Controller\Admin\ElementController::unlockElementsAction"
_pimcore_context 
"admin"
_route 
"pimcore_admin_element_unlockelements"
_route_params 
[]