I can't attach a file or picture to the tickets

edelgadi · 2023-05-16 21:13:00

Hello everyone:
When I try to attach an image or file (Pasted o loaded from file) I get the following error:

Forbidden
You don't have permission to access this resource
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Does anyone know what could be causing this behavior?

Thanks for your help

cconard96 · 2023-05-16 22:55:42

Which version of GLPI?
If you are using 10.0.2 or later, please check if there are any related entries in the "files/_log/access-errors.log" file.

cconard96 · 2023-05-16 22:56:54

You should also check the php-error.log file in the same folder.

I also recommend checking the permissions on the "files" folder and its sub-folders to ensure the web server user has write permissions.

edelgadi · 2023-05-17 16:14:46

Thanks for your response.
You're correct, I just updated from 10.0.0 to 10.0.7, but the incidence comes since 10.0.0.

There is nothing about in the php_errors log.

Here is the access_error last content. It includes something about CSRF check failed ¿Any idea?:

2023-05-04 17:05:40 [@]
CSRF check failed for User ID: at /ayuda/front/itilsolution.form.php2023-05-04 17:05:49 [@]
CSRF check failed for User ID: at /ayuda/front/itilsolution.form.php2023-05-04 17:06:02 [@]
CSRF check failed for User ID: at /ayuda/front/itilsolution.form.php2023-05-04 17:06:09 [@]
CSRF check failed for User ID: at /ayuda/front/itilsolution.form.php2023-05-05 19:23:52 [272@]
CSRF check failed for User ID: 272 at /ayuda/front/tracking.injector.php2023-05-08 09:16:01 [@]
CSRF check failed for User ID: at /ayuda/front/login.php2023-05-08 11:02:01 [280@]
CSRF check failed for User ID: 280 at /ayuda/front/document.form.php2023-05-08 11:02:03 [280@]
CSRF check failed for User ID: 280 at /ayuda/front/document.form.php2023-05-08 12:16:05 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/login.php2023-05-08 16:45:46 [268@]
CSRF check failed for User ID: 268 at /ayuda/front/ticket.form.php?id=13622023-05-08 17:11:55 [7@]
CSRF check failed for User ID: 7 at /ayuda/ajax/fileupload.php2023-05-08 17:12:22 [7@]
CSRF check failed for User ID: 7 at /ayuda/ajax/fileupload.php2023-05-08 18:52:53 [@]
CSRF check failed for User ID: at /ayuda/front/login.php2023-05-08 18:53:09 [182@]
CSRF check failed for User ID: 182 at /ayuda/front/tracking.injector.php2023-05-09 14:23:05 [268@]
CSRF check failed for User ID: 268 at /ayuda/front/ticket.form.php2023-05-09 16:20:34 [172@]
User ID: 172 tried to access or perform an action on /ayuda/front/contact_supplier.form.php with insufficient rights. Additional information: User failed a can* method check for right 4 (unknown right name) on item Type: Contact_Supplier ID: -1
Stack Trace:
/home/soport62/public_html/ayuda/src/CommonDBTM.php:2946 displayRightError()
/home/soport62/public_html/ayuda/front/contact_supplier.form.php:47 check()
2023-05-11 12:52:37 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/mailcollector.form.php2023-05-11 13:59:24 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/massiveaction.php2023-05-11 14:04:16 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/massiveaction.php2023-05-14 16:00:43 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/login.php2023-05-14 17:16:50 [@]
CSRF check failed for User ID: at /ayuda/front/login.php2023-05-15 09:14:59 [@]
CSRF check failed for User ID: at /ayuda/front/login.php2023-05-15 10:48:17 [215@]
User ID: 215 tried to access or perform an action on /ayuda/front/user.form.php?id=215 with insufficient rights. Additional information: No additional information given
Stack Trace:
/home/soport62/public_html/ayuda/src/CommonDBTM.php:6240 displayRightError()
/home/soport62/public_html/ayuda/src/CommonDBTM.php:6328 displayAccessDeniedPage()
/home/soport62/public_html/ayuda/front/user.form.php:241 displayFullPageForItem()
2023-05-15 11:07:28 [@]
CSRF check failed for User ID: at /ayuda/front/change.form.php?id=962023-05-15 11:07:32 [@]
CSRF check failed for User ID: at /ayuda/front/change.form.php?id=962023-05-15 11:07:36 [@]
CSRF check failed for User ID: at /ayuda/front/change.form.php?id=962023-05-15 22:43:50 [@]
CSRF check failed for User ID: at /ayuda/front/login.php2023-05-16 07:14:39 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/login.php2023-05-16 17:08:56 [285@]
User ID: 285 tried to access or perform an action on /ayuda/front/user.form.php?id=285 with insufficient rights. Additional information: Missing READ right. Cannot view the item.
Stack Trace:
/home/soport62/public_html/ayuda/src/CommonDBTM.php:6354 displayRightError()
/home/soport62/public_html/ayuda/src/CommonDBTM.php:6444 displayAccessDeniedPage()
/home/soport62/public_html/ayuda/front/user.form.php:241 displayFullPageForItem()
2023-05-16 17:10:32 [285@]
CSRF check failed for User ID: 285 at /ayuda/front/itilfollowup.form.php

cconard96 · 2023-05-18 13:45:41

CSRF check failures usually indicate that someone tried submitting a form two hours or more after the page was loaded, which means the token provided had expired.

sandroalves · 2023-05-18 14:22:49

cconard96 wrote:

CSRF check failures usually indicate that someone tried submitting a form two hours or more after the page was loaded, which means the token provided had expired.

Hi.

The problem in my case (The action you requested is not allowed by sandroalves) is similar or equal to this one.

Is it a BUG?

Thanks.

Last edited by sandroalves (2023-05-18 14:29:43)

cconard96 · 2023-05-18 14:53:18

If it has been more than two hours, it is not a bug.

edelgadi · 2023-05-18 20:01:51

The situation here is, the error happens right in the moment when I paste the image and then click "+Add" for a response or a new ticket. 5 seconds?

sandroalves · 2023-05-18 21:35:36

Hi,

exactly.

My case too.

When I try to add some types of specific extensions.

Other extensions accepted normally.

I don't know what is the default extension that already comes in the default GLPI, but a type that I added a little while ago is not accepting it.

So I'm not sure if it is accepting only those that were added later or not accepting what is already configured by default.

I'm trying to validate to understand the logic of the possible error.

This started to happen in version 10.0.7, before it worked perfectly.

Thanks.

drilling.29 · 2023-05-25 00:42:21

I am also having this issue on 10.0.7 specifically with XLSX files. I see the file upload to _tmp but never moves after the error. Same Files as XLS works. Also uploads fine from the email receiver.
Error is CSRF check failed for User ID: at /front/itilfollowup.form.php

Which first thing I notice is there is no User ID

Have removed and added back the XLSX document type and verified it is set to allow.

Running PHP 8.2.5 now 8.2.6
IIS on server 2019 up to date

Happens even after rebooting the server.

Last edited by drilling.29 (2023-05-25 00:43:29)

sandroalves · 2023-05-26 18:00:02

drilling.29 wrote:

I am also having this issue on 10.0.7 specifically with XLSX files. I see the file upload to _tmp but never moves after the error. Same Files as XLS works. Also uploads fine from the email receiver.
Error is CSRF check failed for User ID: at /front/itilfollowup.form.php
Which first thing I notice is there is no User ID
Have removed and added back the XLSX document type and verified it is set to allow.
Running PHP 8.2.5 now 8.2.6
IIS on server 2019 up to date
Happens even after rebooting the server.

Hello,

I see that you use windows environment.

Changing the subject, were you able to resolve the error message (Web server root directory configuration is not safe as it allows access to non-public files. See installation documentation for more details)?

Can you tell me how you configured your site to compare with our configuration?

Thanks.

Forum GLPI-Project

Announcement

#1 2023-05-16 21:13:00

I can't attach a file or picture to the tickets

#2 2023-05-16 22:55:42

Re: I can't attach a file or picture to the tickets

#3 2023-05-16 22:56:54

Re: I can't attach a file or picture to the tickets

#4 2023-05-17 16:14:46

Re: I can't attach a file or picture to the tickets

#5 2023-05-18 13:45:41

Re: I can't attach a file or picture to the tickets

#6 2023-05-18 14:22:49

Re: I can't attach a file or picture to the tickets

#7 2023-05-18 14:53:18

Re: I can't attach a file or picture to the tickets

#8 2023-05-18 20:01:51

Re: I can't attach a file or picture to the tickets

#9 2023-05-18 21:35:36

Re: I can't attach a file or picture to the tickets

#10 2023-05-25 00:42:21

Re: I can't attach a file or picture to the tickets

#11 2023-05-26 18:00:02

Re: I can't attach a file or picture to the tickets

Board footer