[Vtigercrm-developers] "Illegal request" error when signing into Google from extension settings
Alex Hall
ahall at autodist.com
Mon Mar 26 21:01:55 GMT 2018
Update: in retrospect, OF COURSE the referrer doesn't contain the CRM's
URL. The referrer is accounts.google.com, after all. Yet how can VTiger
include a Google extension, but not include an exception in this rule, so
Google's URLs can get back to the CRM? I'm going to add such an exception
manually, but is there a reason I shouldn't? A better way to do this?
Something I've missed? Thanks.
On Mon, Mar 26, 2018 at 4:51 PM, Alex Hall <ahall at autodist.com> wrote:
> Hello list,
> When any of our users go to settings > extensions > Google so they can
> sign in and sync their calendars/contacts, they get an error after allowing
> or denying Google access. When Google's page appears, they can sign in,
> then authorize or cancel VTiger's request to access their account. When
> they choose either option, though, a page appears that simply says "Illegal
> request" and has a "go back" link below the text.
>
> I've found the source of the problem in request.php. Specifically:
>
> global $site_URL;
> if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) &&
> ($this->get('module') != 'Install')) {
> throw new Exception('Illegal request');
> }
>
> I read this as "if the referrer URL doesn't start with the VTiger
> install's base URL, and VTiger isn't being installed, throw this
> exception". This must mean that the URL doesn't start with crm.mysite.com.
> Yet, the URL of this page is:
> https://crm.mysite.com/index.php?module=Google&view=Authenticate&service=Google&error=access_denied#
>
> The "error" should be because I hit "cancel", not wishing to sync my
> Google account just now, but this also happens if I click "allow". The
> point is, that URL does indeed start with the URL of VTiger; in
> config_inc.php, I have $site_URL set to "https://crm.mysite.com/". Can
> anyone suggest why this exception is being thrown, since the URL should be
> fine? Thanks in advance.
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ahall at autodist.com
>
--
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
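
One way to scope the exception asked about above, as an added example that is not part of the original message and not vtiger's own code: compare the referrer's origin exactly, and let the Google return through only for the one callback view when it carries the OAuth `state` value issued for this session. The function names and the `oauth_state` session key are hypothetical, and it assumes the connector sends a `state` parameter with its authorization request.

```php
<?php
// Added example. Function names and the 'oauth_state' session key are
// hypothetical; they are not part of vtiger's request.php.

// Normalise a URL to scheme://host:port so origins are compared exactly
// rather than by string prefix.
function origin_of(string $url): ?string
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    return $scheme . '://' . strtolower($p['host']) . ':' . $port;
}

function is_request_allowed(array $params, array $server, array $session, string $siteUrl): bool
{
    if (($params['module'] ?? '') === 'Install') {
        return true; // same carve-out as the quoted check
    }
    $site = origin_of($siteUrl);
    if ($site !== null && origin_of($server['HTTP_REFERER'] ?? '') === $site) {
        return true; // request came from the CRM itself
    }
    // Narrow exception: only the OAuth return view, and only when the state
    // value matches the one stored when the user was sent to Google.
    $isCallback = ($params['module'] ?? '') === 'Google'
        && ($params['view'] ?? '') === 'Authenticate';
    $expected = $session['oauth_state'] ?? '';
    $given = $params['state'] ?? '';
    return $isCallback
        && is_string($expected) && $expected !== ''
        && is_string($given)
        && hash_equals($expected, $given);
}

// Constructed sample: the browser returning from Google's consent page.
$server  = ['HTTP_REFERER' => 'https://accounts.google.com/'];
$session = ['oauth_state' => 'constructed-state-value'];
$params  = ['module' => 'Google', 'view' => 'Authenticate',
            'service' => 'Google', 'state' => 'constructed-state-value'];
var_dump(is_request_allowed($params, $server, $session, 'https://crm.mysite.com/'));

// Same request with a state value the session never issued.
$params['state'] = 'not-issued-by-this-session';
var_dump(is_request_allowed($params, $server, $session, 'https://crm.mysite.com/'));
```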