/api/graphql 403 forbidden, SuiteCRM 8.3.1 and 8.4.0 (installed in subfolder /suitecrm) #342
Comments
I have also set it up as |
Here's something of interest, I think. I always configure all PHP pools with a different |
We experienced something similar when upgrading Suitecrm from 8.2.4 to 8.4 and php version 7.4 to 8.2. When trying to display the opportunities list, the graphql would complain about CSRF token, but we could see it was set and working on other list views. After further investigation we found an error message in our apache log, complaining about memory issues. The php.ini had a limit at 128mb. When raising the limit, the issue was resolved. Hope it helps! |
Found this issue with a 8.4 fresh install, and also before when upgrading from a 7.4 to a 8.4. Maybe the problem is in my Apache setup but it seems that the CSRF token is submitted from the browser in a cookie, but not in a request header as expected by SuiteCRM. So, I have configured Apache to copy the token from the cookie in the header. |
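The cookie-versus-header condition described in the comment above can be checked against a request copied from the browser's network tab. This is an added example, not part of the thread or of SuiteCRM's code; it assumes the cookie is named XSRF-TOKEN (the thread only shows the X-XSRF-TOKEN header name) and that the server compares the two values, and the sample requests are constructed.

```python
import hmac
from urllib.parse import unquote

COOKIE_NAME = "XSRF-TOKEN"    # assumed cookie name, not confirmed by the thread
HEADER_NAME = "x-xsrf-token"  # header name shown in the issue, lower-cased

# Constructed sample requests (raw request head as a browser would send it).
_BASE = "POST /suitecrm/api/graphql HTTP/1.1\r\nHost: 127.0.0.1\r\n"
_COOKIE = "Cookie: PHPSESSID=abc123; XSRF-TOKEN=tok%2Fexample%3D\r\n"
REQ_OK = _BASE + _COOKIE + "X-XSRF-TOKEN: tok/example=\r\n\r\n{}"
REQ_NO_HEADER = _BASE + _COOKIE + "\r\n{}"
REQ_MISMATCH = _BASE + _COOKIE + "X-XSRF-TOKEN: stale-token\r\n\r\n{}"
REQ_NO_COOKIE = _BASE + "X-XSRF-TOKEN: tok/example=\r\n\r\n{}"


def parse_headers(raw):
    """Return {lower-case header name: value} from a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_cookies(cookie_header):
    """Split a Cookie header into {name: raw value}."""
    pairs = (p.strip().partition("=") for p in cookie_header.split(";"))
    return {name: value for name, sep, value in pairs if sep}


def check_double_submit(raw):
    """Classify a request the way a cookie/header token comparison sees it."""
    headers = parse_headers(raw)
    cookie = parse_cookies(headers.get("cookie", "")).get(COOKIE_NAME)
    header = headers.get(HEADER_NAME)
    if cookie is None:
        return "cookie-missing"
    if header is None:
        return "header-missing"  # the case the comment above describes
    # Cookie values are often URL-encoded, so compare the decoded forms
    # using a constant-time comparison.
    same = hmac.compare_digest(unquote(cookie).encode(), unquote(header).encode())
    return "match" if same else "mismatch"


if __name__ == "__main__":
    for req in (REQ_OK, REQ_NO_HEADER, REQ_MISMATCH, REQ_NO_COOKIE):
        print(check_double_submit(req))
```

A "match" result on a request that still returns 403 points away from the token itself and toward other causes raised in this thread, such as session handling or the PHP memory limit.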
@carlitros900 where exactly did you place these commands? @TwizzX17 I've increased to 256 as well - but without any improvement. @joho1968 I'm using the standard session config, but still the same problem. Any other ideas on what to do here? |
I don't really know what got it working, but 8.4.0 is working here now with PHP 8.1.23 on Ubuntu 22.04.LTS. I have my DocumentRoot set to The |
@joho1968 Yes, same setup here - .htaccess is standard then. Any other ideas what you've changed from the standard? |
I don't think I've changed anything else. Maybe with the exception of PHP's session handling. I saw that a lot of session files were created, so I installed Redis and configured PHP-FPM like so: [suitecrm.conf]
[php.ini]
[Apache suitecrm.conf]
I'm not using the API. SuiteCRM ran into the issue itself while calling the API. So no external code was part of my problem, only SuiteCRM's internal code. |
@Chris8080 It is in the virtual host in the Apache configuration. |
The internal SuiteCRM code works fine for me. |
Issue
Fresh install of SuiteCRM 8.3.1 and/or SuiteCRM 8.4.0 gives "403 forbidden" on a /api/graphql (POST) request.
I've used the cli console to install.
Expected Behavior
I expected the application to actually work 😉
Actual Behavior
"403 forbidden" on a /api/graphql (POST) request.
Looking at the request headers in the browser console, I can see a X-XSRF-TOKEN header and cookie being passed.
Context
I'm trying to run SuiteCRM 8.3.1 and/or SuiteCRM 8.4.0 from http://127.0.0.1/suitecrm
I think this is reasonably high priority. I've seen quite a few community posts on this and/or something very similar.
Your Environment
Apache configuration block
The RewriteBase directive in /var/www/suitecrm/public/legacy/.htaccess is /suitecrm/legacy/ (created by the installer). I have tried altering this to everything I can think of, but nothing I try seems to help.