Unregistered action (via custom module) leads to XSRF Attack Detected error

删除回忆录丶 submitted on 2019-12-24 07:59:35

Question


In SugarCRM 8.0.1, I am trying to make a new, unregistered action work.

The action is a form and has been added to my custom module. I am trying to reach it from itself in the following manner so that on form submission, the form-data is sent back to itself (aka, the action link leads back to the same page the form is on):

<form method="POST" name="ConfigureSettings" action="#bwc/index.php?module=CustomModule&action=newAction">

Based on SugarCRM Support's Troubleshooting Cross-Site Forgery Messages, the way to add an additional action is as follows:

To add the unregistered action as an allowed action (e.g. custom module), add the following line of code to the config_override.php file:

$sugar_config['http_referer']['actions'] = array( 'index', 'ListView', 'DetailView', 'EditView', 'oauth', 'authorize', 'Authenticate', 'Login', 'SupportPortal', 'bad_action' );

Doing this alone does not work, and trying to save my changes or cancel editing my form will still lead to the same error:

Cross Site Request Forgery (XSRF) Attack Detected
Form authentication failure (CustomModule -> newAction). Contact your administrator.

Is there something I have to edit in the $sugar_config to relate it to my specific action? I tried changing bad_action to newAction, but to no avail.


Found a workaround here which will just log the error rather than abort the action, and it proves that my form is working correctly in which I am led back to the same page and the form has been updated.

Unfortunately, this is not a solution to my problem because this is unsafe for a production instance, and I am still not sure why I'm getting the error in the first place as I am not redirecting to a site outside of the instance.


Answer 1:


Turns out that the HTML form needs to be separated from the PHP file by using a Template file and Smarty tags to replace the instances of PHP in the Template file.

Did the above, then included the {sugar_csrf_form_token} mentioned here in the Template file, and it's working correctly now.
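
The template described in the answer, as an added example that is not part of the original answer or SugarCRM's own code. The file path, the `setting_value` field and the `SETTING_VALUE` variable are assumptions; the form tag is the one from the question.

```smarty
{* Assumed path: custom/modules/CustomModule/tpls/newAction.tpl (hypothetical).
   Rendered from the action's PHP with Sugar_Smarty, for example:
     $ss = new Sugar_Smarty();
     $ss->assign('SETTING_VALUE', $currentValue);   // hypothetical variable
     $ss->display('custom/modules/CustomModule/tpls/newAction.tpl');
*}
<form method="POST" name="ConfigureSettings"
      action="#bwc/index.php?module=CustomModule&action=newAction">

    {* Hidden CSRF token field. Without it the POST is rejected with
       "Form authentication failure (CustomModule -> newAction)". *}
    {sugar_csrf_form_token}

    {* Hypothetical setting field. Escape any value echoed back into HTML. *}
    <label for="setting_value">Setting</label>
    <input type="text" id="setting_value" name="setting_value"
           value="{$SETTING_VALUE|escape:'html'}">

    {* Save and cancel both submit the form, so both carry the token. *}
    <input type="submit" name="save" value="Save">
    <input type="submit" name="cancel" value="Cancel">
</form>
```

With the token in the form, the check stays enabled and the log-only workaround mentioned in the question is not needed.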



Source: https://stackoverflow.com/questions/51864605/unregistered-action-via-custom-module-leads-to-xsrf-attack-detected-error
