[Vtigercrm-developers] "Illegal request" error when signing into Google from extension settings
Alex Hall
ahall at autodist.com
Tue Mar 27 11:44:06 GMT 2018
Thanks, Conrado. I'm glad to know I'm not alone in this problem. The
workaround I added yesterday is almost the same as what was suggested,
though I added a check that the URL isn't accounts.google.com rather than a
check on the module. Still, it works. I'm still quite surprised that this
wasn't part of the recent hot fix for 7.1. Maybe next time.
On Tue, Mar 27, 2018 at 5:02 AM, Conrado Maggi <comaggi at gmail.com> wrote:
> Check this for a workaround
>
> http://code.vtiger.com/vtiger/vtigercrm/issues/889
>
> Conrado
>
>
> El El lun, 26 mar 2018 a las 23:02, Alex Hall <ahall at autodist.com>
> escribió:
>
>> Update: in retrospect, OF COURSE the referrer doesn't contain the CRM's
>> URL. The referrer is accounts.google.com, after all. Yet how can VTiger
>> include a Google extension, but not include an exception in this rule, so
>> Google's URLs can get back to the CRM? I'm going to add such an exception
>> manually, but is there a reason I shouldn't? A better way to do this?
>> Something I've missed? Thanks.
>>
>> On Mon, Mar 26, 2018 at 4:51 PM, Alex Hall <ahall at autodist.com> wrote:
>>
>>> Hello list,
>>> When any of our users go to settings > extensions > Google so they can
>>> sign in and sync their calendars/contacts, they get an error after allowing
>>> or denying Google access. When Google's page appears, they can sign in,
>>> then authorize or cancel VTiger's request to access their account. When
>>> they choose either option, though, a page appears that simply says "Illegal
>>> request" and has "go back" link below the text.
>>>
>>> I've found the source of the problem in request.php. Specifically:
>>>
>>> global $site_URL;
>>> if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) &&
>>> ($this->get('module') != 'Install')) {
>>> throw new Exception('Illegal request');
>>> }
>>>
>>> I read this as "if the referrer URL doesn't start with the VTiger
>>> install's base URL, and VTiger isn't being installed, throw this
>>> exception". This must mean that the URL doesn't start with
>>> crm.mysite.com. Yet, the URL of this page is:
>>> https://crm.mysite.com/index.php?module=Google&view=
>>> Authenticate&service=Google&error=access_denied#
>>>
>>> The "error" should be because I hit "cancel", not wishing to sync my
>>> Google account just now, but this also happens if I click "allow". The
>>> point is, that URL does indeed start with the URL of VTiger; in
>>> config_inc.php, I have $site_URL set to "https://crm.mysite.com/". Can
>>> anyone suggest why this exception is being thrown, since the URL should be
>>> fine? Thanks in advance.
>>>
>>>
>>> --
>>> Alex Hall
>>> Automatic Distributors, IT department
>>> ahall at autodist.com
>>>
>>
>>
>>
>> --
>> Alex Hall
>> Automatic Distributors, IT department
>> ahall at autodist.com
>> _______________________________________________
>> http://www.vtiger.com/
>
>
> _______________________________________________
> http://www.vtiger.com/
>
--
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20180327/6b9758b7/attachment.html>
More information about the vtigercrm-developers
mailing list