by NS-Team

QuickCRM Mobile gives you access to SuiteCRM on your mobile, your tablet (iPhone, iPad, Android) or your laptop with QuickCRM native apps available on App Store, Google Play and Windows Store.

Cancel at any time!
Free Trial

#2216 - cross-site forgery error

Closed Bug? created by FullArmor 3 years ago

I'm working from a trial subscription and am trying to evaluate the configuration for the mobile-to-server functions.

Trying to load the "Views Configuration" from the server-side admin screen, and I get a cross-site forgery attack detected error. I've added the referer to the config_override.php as the message suggests, run a quick rebuild and repair, and the error persists. It says : "Save the file and it should work" . I did, and it does not. Anything else I should try to resolve this?

  1. bluquet member avatar

    NS-Team Provider Affiliate

    3 years ago

    Hi,

    I have never seen this kind of issues. That might be related to your .htaccess. Can you please: - Check that the URL you are using when accessing SuiteCRM is consistent with what you have in site_url in config.php? - Run Admin / Repair / Repair htaccess

  2. FullArmor member avatar

    FullArmor

    3 years ago

    The URL I'm using is https://my-company.com/crm , which matches the setting for "site_url" in config.php. I ran Admin-Repair-Repair htaccess , just now, and no change. The line I added to the config_override.php is: $sugar_config['http_referer']['list'][] = 'my-company.com';

  3. bluquet member avatar

    NS-Team Provider Affiliate

    3 years ago

    Hi again,

    We have not been able to reproduce that issue.

    Is your CRM in a subfolder of a WordPress web site? We heard that, in some cases, some directives in WordPress .htaccess file have an impact on SuiteCRM.

  4. FullArmor member avatar

    FullArmor

    3 years ago

    Yes, there is a wordpress .htaccess file in the parent folder (the SuiteCRM is in a subfolder of the main htdocs tree). My htaccess game is weak... is there a way to override the WP settings from the CRM htaccess?

    • bluquet member avatar

      NS-Team Provider Affiliate

      3 years ago

      I'm not an expert, but I believe you can do that in Apache settings with AllowOverride all Something like
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
      Order allow,deny
      allow from all

  5. bluquet member avatar

    NS-Team Provider Affiliate

    3 years ago

    I will send you a private email as SuiteCRM Store automatically removed some tags I entered.

  6. FullArmor member avatar

    FullArmor

    3 years ago

    Thanks for your help, but it looks like we cannot change the Apache config (we're running in a godaddy shared-hosting server). I may try to setup a dedicated server (where I can define the Apache configuration myself), but for now, we should be able to test and evaluate the mobile-to-server functionality since everything else seems to be working fine. Thanks for your help! You can close this ticket as resolved.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
  • "It’s super interesting to me. I have my iPhone in one hand… And I’m staring at my computer screen. Both of them have the ability now to work on ..." - Sage

    Read More Reviews