403 Access Forbidden by CSRFProtector! - Printable Version +- Community Support for OpenDocMan (Deprecated) (https://forum.opendocman.com) +-- Forum: OpenDocMan Community Discussion (https://forum.opendocman.com/forum-5.html) +--- Forum: OpenDocMan Support - Community Based (https://forum.opendocman.com/forum-6.html) +--- Thread: 403 Access Forbidden by CSRFProtector! (/thread-956.html) |
403 Access Forbidden by CSRFProtector! - semonski - 09-19-2016 Good morning.... Just started having a weird problem.... when I try to add a document, I get the following error... 403 Access Forbidden by CSRFProtector! I had upgraded to version 1.3.5 back at the end of August, and on that day, I was able to upload documents.... Now, I can not. I can search and download existing documents, but I can't add any more docs. I've searched generically on this error and found some references to the jsUrl value, however, I do not quite understand the "what and how" of the requirements of those settings... Any assistance would be greatly appreciated. Kos RE: 403 Access Forbidden by CSRFProtector! - adminla - 09-19-2016 That is coming from a tool we use for improved security. This is only happening on adding new documents then? Not editing? RE: 403 Access Forbidden by CSRFProtector! - semonski - 09-19-2016 (09-19-2016, 08:11 AM)adminla Wrote: That is coming from a tool we use for improved security. This is only happening on adding new documents then? Not editing? Yea.... figured it out.... it was a bit convoluted with the error that was being thrown on the screen.... I started chasing down that error only to find that there was really nothing wrong.... then, I decided to take a peek at the log files to see if anything there stuck out. After looking at the Apache log ( /var/log/apache2/error.log ) I found this entry.... PHP Warning: POST Content-Length of 12209794 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: https://xx.xx.xx.xx/add.php So, it seems that the issue's root cause was / is PHP... So, I started digging into PHP and didn't find anything wrong in the PHP5 config.... but then saw that (on that same day where everything else worked) PHP 7 was installed during an upgrade cycle... I found the 8M limit on the post_max_size and changed that.... and also adjusted the upload_max_filesize variable from 2M after that, reboot and all seems well... So, even though the error was being thrown for CSRFProtector, the actual culprit was the default file size limit in the (new version 7) PHP.INI config file.. (my PHP5 files were fine) Here is the quick fix... (UBUNTU 16.04 LTS) /etc/php/7.0/apache2/php.ini /etc/php/7.0/cli/php.ini edit the following.... upload_max_filesize = xxM (e.g. upload_max_filesize = 90M) post_max_size = xxM (however big you want it.... keep it to something a little higher than what you expect to be your largest upload) Kos RE: 403 Access Forbidden by CSRFProtector! - adminla - 09-19-2016 Got it. Thanks. |