refs Fix from Deivison Arthur for formKey issues and switch between fixes

[miguelbalparda]

Added fix for formKey from https://github.com/deivisonarthur/Inovarti_FixAddToCartMage18/ by Deivison Arthur.

[miguelbalparda]

This PR adds 2 different ways to bypass the formKey issue. The first and default way is to pipe the first page visit for new sessions and the second one is an implementation of Inovarti_FixAddToCartMage18. This can be managed from System - Configuration - Turpentine - Varnish Options - General Options - Use VCL fix.

[miguelbalparda]

From the official documentation there is another way to solve this issue. CSRF can be completely disabled now by going to System - Advanced - System - CRSF protection - Add secret key to URL - No. This was the official fix by Magento to known issues betwen Magento and Varnish We don't recommend completely disabling the CSRF even when it represents a low risk for the frontend. While using this in conjunction with Turpetine, go to System - Configuration - Turpentine - Varnish Options - General Options - Use VCL fix - No.

[csdougliss]

@miguelbalparda Thanks, seems a better solution by giving everyone an option instead of just disabling session generation

[jasonv77]

got this error when i tried to install inovarti fix, can you advise. it also blocked my admin backend.

There has been an error processing your request

Mage registry key "_singleton/fixaddtocartmage18/observer" already exists

Trace:
#0 /home/vasquezj/public_html/app/Mage.php(223): Mage::throwException('Mage registry k...')
#1 /home/vasquezj/public_html/app/Mage.php(477): Mage::register('_singleton/fixa...', false)
#2 /home/vasquezj/public_html/includes/src/__default.php(22054): Mage::getSingleton('fixaddtocartmag...')
#3 /home/vasquezj/public_html/app/Mage.php(448): Mage_Core_Model_App->dispatchEvent('controller_acti...', Array)
#4 /home/vasquezj/public_html/includes/src/__default.php(14405): Mage::dispatchEvent('controller_acti...', Array)
#5 /home/vasquezj/public_html/includes/src/__default.php(15028): Mage_Core_Controller_Varien_Action->postDispatch()
#6 /home/vasquezj/public_html/includes/src/__default.php(14276): Mage_Core_Controller_Front_Action->postDispatch()
#7 /home/vasquezj/public_html/includes/src/__default.php(18726): Mage_Core_Controller_Varien_Action->dispatch('index')
#8 /home/vasquezj/public_html/includes/src/__default.php(18256): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#9 /home/vasquezj/public_html/includes/src/__default.php(21084): Mage_Core_Controller_Varien_Front->dispatch()
#10 /home/vasquezj/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#11 /home/vasquezj/public_html/index.php(83): Mage::run('', 'store')
#12 {main}

[miguelbalparda]

@jasonv77 you should ask the module provider about that one. Anyway I think there is no need to install anything to solve this issue since we already have 3 possibles fixes.

[jasonv77]

i had turned off csrf to fix my issue but as you advised was not recommended so i tried the other one and i got that error

[miguelbalparda]

The code you are referring to is not in our repository. It seems you installed the fix and then you tried to use it in conjunction with Turpentine @jasonv77. I think it is better to ask this in the repository where you found the code you are using.

[jasonv77]

k

[augpaschal]

I have some problems with cart and checkout and Use VCL fix = no solved these problems. Is dangerous to keep Use VCL fix = no? (because you write "Please note that the observer method will disable CRSF protection.")