
#1 2022-05-09 15:51:40

lucaszephyr
Member
Registered: 2022-04-25
Posts: 29

blocked method POST php

I'm creating a new form in GLPI, using the GET method, but when I change the method to POST I get "The action you requested is not allowed.". Does GLPI not block the POST method?


#2 2022-05-10 00:35:14

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813

Re: blocked method POST php

When using POST calls, you have to have a valid CSRF token in the request (security check).
Typically, this is done by adding a hidden input named "_glpi_csrf_token" with the value equal to the result of "Session::getNewCSRFToken()" which will create the security token and store it in the user's session, then return the token ID.
When the server gets the POST request, it ensures that the token exists in the user session and that it is also not expired (2 hours by default).

The simple option is to just call "Html::closeForm" at the end of the form to add the CSRF token input and echo or add the end form tag.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.

#3 2022-09-27 18:32:19

ec2311
Member
Registered: 2016-04-07
Posts: 352

Re: blocked method POST php

cconard96 wrote:

When using POST calls, you have to have a valid CSRF token in the request (security check).
Typically, this is done by adding a hidden input named "_glpi_csrf_token" with the value equal to the result of "Session::getNewCSRFToken()" which will create the security token and store it in the user's session, then return the token ID.
When the server gets the POST request, it ensures that the token exists in the user session and that it is also not expired (2 hours by default).

The simple option is to just call "Html::closeForm" at the end of the form to add the CSRF token input and echo or add the end form tag.

Hello @cconard96,

I put a html::closeform() just after the submit button.
And I always have the same error.

What could be wrong?
I know that the script was running.
I have a part of the form (inputs) and JavaScript (set after the closeform function).

As soon as I click on submit -> error message :(

Thanks for your help


GLPI 10.0.10
GLPIinventory 1.3.4

Agents: FI (2.6, 2.5) and Glpiagents (1.7)


#4 2022-09-27 22:43:29

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813

Re: blocked method POST php

The close form method call should be after all form inputs are echoed as it adds the end form tag "</form>". The JavaScript should be OK after the closeForm.



#5 2022-09-28 11:29:42

ec2311
Member
Registered: 2016-04-07
Posts: 352

Re: blocked method POST php

Hello @cconard96

Thanks for your reply.
In spite of your explanation, the problem was still there.

But I found the real problem:
inc/includes.php was included twice in the same script (at the top), due to different includes.
I changed one of them to include_once instead of include, and the problem disappeared.

thanks


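The behaviour discussed in this thread, as an added stand-alone example (not GLPI's code and not from any poster): a simplified model of a session-backed CSRF token that exists in the session, expires after 2 hours, and is checked when a POST arrives. It assumes the token is single-use and that the check runs each time the bootstrap file is included, which would explain why a second include of inc/includes.php rejects a form that the first include accepted; the function names and the `csrf_tokens` session key are hypothetical.

```php
<?php
// Simplified model of a session-backed CSRF token store (not GLPI's code).
// Assumption: a token is single-use, and the check runs every time the
// bootstrap file is included while a POST request is being handled.

const TOKEN_LIFETIME = 2 * 3600; // 2 hours, the default quoted in the thread

/** Create a token, record its expiry in the session, return its ID. */
function newCsrfToken(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf_tokens'][$token] = $now + TOKEN_LIFETIME;
    return $token;
}

/** Accept a token only if it is in the session and unexpired; consume it. */
function checkCsrfToken(array &$session, array $post, int $now): bool
{
    $token = $post['_glpi_csrf_token'] ?? '';
    if (!is_string($token) || !isset($session['csrf_tokens'][$token])) {
        return false; // field missing, or token unknown / already used
    }
    $expiry = $session['csrf_tokens'][$token];
    unset($session['csrf_tokens'][$token]); // single use
    return $expiry >= $now;
}

/** Stand-in for the bootstrap include: it validates every POST it sees. */
function bootstrap(array &$session, array $post, int $now): string
{
    if ($post === []) {
        return 'ok (no POST data)';
    }
    return checkCsrfToken($session, $post, $now)
        ? 'ok'
        : 'The action you requested is not allowed.';
}

// Constructed scenario: a form is rendered at $t0 and submitted a minute later.
$session = [];
$t0 = 1700000000;
$post = ['_glpi_csrf_token' => newCsrfToken($session, $t0), 'name' => 'demo'];
echo 'first include : ', bootstrap($session, $post, $t0 + 60), PHP_EOL;
echo 'second include: ', bootstrap($session, $post, $t0 + 60), PHP_EOL;

$late = ['_glpi_csrf_token' => newCsrfToken($session, $t0)];
echo 'after 3 hours : ', bootstrap($session, $late, $t0 + 3 * 3600), PHP_EOL;
echo 'no token field: ', bootstrap($session, ['name' => 'demo'], $t0), PHP_EOL;
```

Only the first call is accepted: the second finds the token already consumed, the third finds it expired, and the fourth has no hidden input at all, which is the case Html::closeForm prevents.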
