Sugarcrm 8 XSRF [英] Sugarcrm 8 XSRF

问题描述

我已经备份了Sugarcrm版本8.0.0企业版的按需实例

I've backup of ondemand instance for sugarcrm version 8.0.0 Enterprise Edition

它对于CRUD记录和其他内容正常工作，但是当我尝试上传模块时通过Zip给我以下错误

It works normal for CRUD records and other stuff, but when I try to upload module via Zip it gives me following error

Cross Site Request Forgery (XSRF) Attack Detected

Form authentication failure (Administration -> UpgradeWizard). Contact your administrator.

我已经尝试了以下文章
解决跨站伪造消息

I've tried following article Troubleshooting Cross-Site Forgery Messages

但是问题仍然存在。仅对于BWC模块IMO会出现此问题。

But the problem still persists. The problem only occurs for BWC modules IMO.

推荐答案

编辑：在尝试此替代方法之前，请检查您是否具有HTTP引用程序标头已在您的Web浏览器中禁用，因为这可能是首先遇到上述问题的原因。

Before trying this work-around, check if you have the HTTP referer header disabled in your web browser, as that might be the reason for having the described problem in the first place.

如果这是本地测试/开发实例，则可能想要添加

If this is a local test/dev-instance you might want to add

['csrf']['soft_fail_form'] = true,

到 config.php $ sugar_config $ c>或 config_override.php 。这应该导致仅记录错误而不是中止操作。

to your $sugar_config in config.php or config_override.php. That should cause the error to be logged only instead of aborting the action.

注意：这在Sugar 7.9上有效。我尚未在8.0上进行测试。

Note: This works on Sugar 7.9. I have yet to test it on 8.0.

来源： https://community.sugarcrm.com/community/developer/blog/2017/10/11/upcoming-security-changes-to-糖

这篇关于Sugarcrm 8 XSRF的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！