[Vtigercrm-developers] "Illegal request" error when signing into Google from extension settings

Conrado Maggi comaggi at gmail.com
Tue Mar 27 09:02:17 GMT 2018


Check this for a workaround

http://code.vtiger.com/vtiger/vtigercrm/issues/889

Conrado


El El lun, 26 mar 2018 a las 23:02, Alex Hall <ahall at autodist.com> escribió:

> Update: in retrospect, OF COURSE the referrer doesn't contain the CRM's
> URL. The referrer is accounts.google.com, after all. Yet how can VTiger
> include a Google extension, but not include an exception in this rule, so
> Google's URLs can get back to the CRM? I'm going to add such an exception
> manually, but is there a reason I shouldn't? A better way to do this?
> Something I've missed? Thanks.
>
> On Mon, Mar 26, 2018 at 4:51 PM, Alex Hall <ahall at autodist.com> wrote:
>
>> Hello list,
>> When any of our users go to settings > extensions > Google so they can
>> sign in and sync their calendars/contacts, they get an error after allowing
>> or denying Google access. When Google's page appears, they can sign in,
>> then authorize or cancel VTiger's request to access their account. When
>> they choose either option, though, a page appears that simply says "Illegal
>> request" and has  "go back" link below the text.
>>
>> I've found the source of the problem in request.php. Specifically:
>>
>>             global $site_URL;
>>             if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) &&
>> ($this->get('module') != 'Install')) {
>>                 throw new Exception('Illegal request');
>>             }
>>
>> I read this as "if the referrer URL doesn't start with the VTiger
>> install's base URL, and VTiger isn't being installed, throw this
>> exception". This must mean that the URL doesn't start with crm.mysite.com.
>> Yet, the URL of this page is:
>>
>> https://crm.mysite.com/index.php?module=Google&view=Authenticate&service=Google&error=access_denied#
>>
>> The "error" should be because I hit "cancel", not wishing to sync my
>> Google account just now, but this also happens if I click "allow". The
>> point is, that URL does indeed start with the URL of VTiger; in
>> config_inc.php, I have $site_URL set to "https://crm.mysite.com/". Can
>> anyone suggest why this exception is being thrown, since the URL should be
>> fine? Thanks in advance.
>>
>>
>> --
>> Alex Hall
>> Automatic Distributors, IT department
>> ahall at autodist.com
>>
>
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ahall at autodist.com
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20180327/c0fbe419/attachment.html>


More information about the vtigercrm-developers mailing list