#1 2023-05-16 05:02:52

sandroalves
Member
Registered: 2021-07-03
Posts: 33

The action you requested is not allowed

Hi friends,

After updating to version 10.0.7, when we try to add some file formats, it shows this:

Error: The action you requested is not allowed.

We try to add a new format, we confirm that GLPI understands if the format is authorized or not during the adding process, but it shows the error (The action you requested is not allowed).

n7QJESI.png
4oLyRsc.png
3FRmAcp.png


Thanks.

Offline

#2 2023-05-16 23:14:38

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: The action you requested is not allowed

Hello,

Please check the "files/_log/access-errors.log" file to see if there is more information about the error.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.

Offline

#3 2023-05-17 21:34:54

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: The action you requested is not allowed

Hi, cconard96

Interesting, I didn't know these error logs existed.

This LOG is big, it has errors from other days, but when I run it and the error occurs, it just shows like this:

CSRF check failed for User ID: at /front/itilfollowup.form.php
2023-05-17 11:42:17 [315@SERVER]
CSRF check failed for User ID: 315 at /front/itilsolution.form.php
2023-05-17 13:25:25 [315@SERVER]
CSRF check failed for User ID: 315 at /ajax/getDropdownValue.php
2023-05-17 13:26:13 [@SERVER]
CSRF check failed for User ID: at /front/itilfollowup.form.php
2023-05-17 13:28:15 [145@SERVER]
CSRF check failed for User ID: 145 at /front/ticket.form.php?id=35828
2023-05-17 14:33:09 [@SERVER]
CSRF check failed for User ID: at /front/login.php
2023-05-17 16:20:46 [@SERVER]
CSRF check failed for User ID: at /front/tracking.injector.php
2023-05-17 16:21:22 [@SERVER]
CSRF check failed for User ID: at /front/tracking.injector.php
2023-05-17 16:25:21 [@SERVER]
CSRF check failed for User ID: at /front/itilfollowup.form.php
2023-05-17 16:25:51 [@SERVER]
CSRF check failed for User ID: at /front/itilfollowup.form.php
2023-05-17 16:26:13 [@SERVER]
CSRF check failed for User ID: at /front/itilfollowup.form.php

Thanks.

Offline

#4 2023-05-17 22:17:02

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: The action you requested is not allowed

Now, looking in detail, I see that since I updated the version at the beginning of April, I believe it was on 4/8/23.

After that, these errors appear in the php LOG:

[2023-04-10 15:54:57] glpiphplog.WARNING: *** PHP User Warning (512): Failed to create PendingReason_Item in Unit:\Directory\home\src\PendingReason_Item.php at line 102
   Backtrace:
   src\PendingReason_Item.php:102 trigger_error()
   src\PendingReason_Item.php:382 PendingReason_Item::createForItem()
   src\CommonITILTask.php:388 PendingReason_Item::handleTimelineEdits()
   src\CommonDBTM.php:1718 CommonITILTask->post_updateItem()
   front\commonitiltask.form.php:94 CommonDBTM->update()
   front\tickettask.form.php:39 include()


I see something like this also in access-errors, but since 2022:

User ID: 335 tried to access or perform an action on /front/ticketvalidation.form.php with insufficient rights. Additional information: User failed a can* method check for right 16 (unknown right name) on item Type: TicketValidation ID: 10
StackTrace:
Drive:\Directory\home\src\CommonDBTM.php:2946 displayRightError()
Drive:\Directory\home\front\commonitilvalidation.form.php:98 check()
Drive:\Directory\home\front\ticketvalidation.form.php:40 include()

Thanks.

Offline

#5 2023-05-18 13:35:47

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: The action you requested is not allowed

The access-errors log was only recently added.
None of these errors seem related to documents.

CSRF check failures are usually caused by a security token expiring. The default expiration for them is two hours. They are generated when you request a page with a form. If you try to submit that form, the token is validated with what is stored on the server. So, if you try to submit a form 2 hours or more after the page was loaded, it will fail and you will see the "not allowed" error.
I have no idea why a pending reason would fail to be created.
The ticket validation error is from someone trying to delete/purge a validation without permission.



Offline
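Added example, not part of any post in this thread and not GLPI code: a small Python triage of the "CSRF check failed" entries from access-errors.log, grouping them by endpoint and counting those logged with an empty user ID. It assumes, from the lines quoted in this thread, that each message is preceded by a `timestamp [user@host]` header, and it also tolerates a header run onto the end of the previous line; the function names and the sample text are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on the entries quoted in this thread.
SAMPLE = """\
2023-05-17 11:42:17 [315@SERVER]
CSRF check failed for User ID: 315 at /front/itilsolution.form.php
2023-05-17 13:26:13 [@SERVER]
CSRF check failed for User ID: at /front/itilfollowup.form.php2023-05-17 13:28:15 [145@SERVER]
CSRF check failed for User ID: 145 at /front/ticket.form.php?id=358282023-05-17 14:33:09 [@SERVER]
CSRF check failed for User ID: at /front/login.php
"""

# One token is either a "timestamp [user@host]" header or a CSRF failure message.
# The path is matched lazily and stops before a fused timestamp, whitespace, or end of text.
TOKEN = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[\d*@[^\]]*\]"
    r"|CSRF check failed for User ID:\s*(?P<uid>\d*)\s+at\s+"
    r"(?P<path>\S+?)(?=\d{4}-\d{2}-\d{2} \d{2}:|\s|$)"
)


def parse_csrf_failures(text):
    """Return one record per CSRF failure, stamped with the header that precedes it."""
    records, last_ts = [], None
    for m in TOKEN.finditer(text):
        if m.group("ts"):
            last_ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            continue
        endpoint = m.group("path").partition("?")[0]  # drop the query string
        records.append({"time": last_ts,
                        "user": m.group("uid") or None,  # empty ID -> None
                        "endpoint": endpoint})
    return records


def summarise(records):
    """Count failures per endpoint and how many carried no user ID."""
    return {
        "total": len(records),
        "no_user": sum(1 for r in records if r["user"] is None),
        "by_endpoint": dict(Counter(r["endpoint"] for r in records)),
    }


if __name__ == "__main__":
    print(summarise(parse_csrf_failures(SAMPLE)))
```

Failures that cluster on one endpoint, or that recur for the same user shortly after each other, are harder to explain by a two-hour token expiry alone and are the ones worth reproducing.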

#6 2023-05-18 14:28:19

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: The action you requested is not allowed

cconard96 wrote:

The access-errors log was only recently added.
None of these errors seem related to documents.

CSRF check failures are usually caused by a security token expiring. The default expiration for them is two hours. They are generated when you request a page with a form. If you try to submit that form, the token is validated with what is stored on the server. So, if you try to submit a form 2 hours or more after the page was loaded, it will fail and you will see the "not allowed" error.
I have no idea why a pending reason would fail to be created.
The ticket validation error is from someone trying to delete/purge a validation without permission.

Hi,

there is a case similar to mine here in the community (I can't attach a file or picture to the tickets by edelgadi).

Is it a BUG?

Thanks.

Offline
