[Vtigercrm-developers] "Illegal request" error when signing into Google from extension settings

[Alex Hall]

Hello list,
When any of our users go to settings > extensions > Google so they can sign
in and sync their calendars/contacts, they get an error after allowing or
denying Google access. When Google's page appears, they can sign in, then
authorize or cancel VTiger's request to access their account. When they
choose either option, though, a page appears that simply says "Illegal
request" and has  "go back" link below the text.

I've found the source of the problem in request.php. Specifically:

            global $site_URL;
            if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) &&
($this->get('module') != 'Install')) {
                throw new Exception('Illegal request');
            }

I read this as "if the referrer URL doesn't start with the VTiger install's
base URL, and VTiger isn't being installed, throw this exception". This
must mean that the URL doesn't start with crm.mysite.com. Yet, the URL of
this page is:
https://crm.mysite.com/index.php?module=Google&view=Authenticate&service=Google&error=access_denied#

The "error" should be because I hit "cancel", not wishing to sync my Google
account just now, but this also happens if I click "allow". The point is,
that URL does indeed start with the URL of VTiger; in config_inc.php, I
have $site_URL set to "https://crm.mysite.com/". Can anyone suggest why
this exception is being thrown, since the URL should be fine? Thanks in
advance.


-- 
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20180326/1ac60b8c/attachment.html>