Always CSRF attack in deployment even after configuring MAX_VALUES

[christianlx]

OCS Inventory version
Version : 2.9.1.2 from repository RedHat8 (RPM based installation). PHP v 7.3

Describe the bug
While uploading an MSI, always have the message "CSRF attacK" despite configuration of "max" values
If I upload an exe, no error message but also hanged with a blanked page.
Only happenend with a file with a size > 100 Mb

To Reproduce
all is working fine. Teledeploy is activated in GUI

I have already increased the parameters in "/etc/httpd/conf.d/ocsinventory-reports.conf"
php_value post_max_size 513m
php_value upload_max_filesize 512m

Also in "/etc/php.ini"
post_max_size = 513M
upload_max_filesize = 512M

Also find in /usr/share/ocsinventory-reports.userini
post_max_size = 513M
upload_max_filesize = 512M

also tried to change LimitRequestBody in /etc/httpd/conf.d/ocsinventory-reports.conf without success

Is there another file/folder/db to change this value ?

Log file (optional)
No error in logs (httpd and ocs activity log, just CSRF attack while uploading an MSI (280 Mb)

[charleneauger]

Hi @christianlx ,

Are you using a classic PHP or PHP fpm ?
If you are using php fpm please note there is a dedicated configuration file.

Regards,
Charlene Auger

[christianlx]

Hi Charlene,
thanks to have put me on the right direction, I had to create a specific ini file in /etc/php.d/ to have the upload max working properly.

Thanks and regards