
Comments (10)

joho1968 commented on August 10, 2024

I have also set it up as suitecrm.local (with an entry in my hosts file to 127.0.0.2) to see if it would work if I removed the subfolder component of my installation, but it fails with the exact same error. The installer has then created the .htaccess file in the legacy folder with /legacy/ as the RewriteBase.

from suitecrm-core.

joho1968 commented on August 10, 2024

Here's something of interest, I think.

I always configure all PHP pools with a different session.name setting. It seems like SuiteCRM's code assumes it's PHPSESSID in various places. If I change my session.name setting back to the default session.name = PHPSESSID, then things start working a lot better 🤔

from suitecrm-core.

TwizzX17 commented on August 10, 2024

We experienced something similar when upgrading SuiteCRM from 8.2.4 to 8.4 and PHP version 7.4 to 8.2.

When trying to display the opportunities list, the GraphQL would complain about the CSRF token, but we could see it was set and working on other list views.

After further investigation we found an error message in our Apache log, complaining about memory issues. The php.ini had a limit at 128mb. When raising the limit, the issue was resolved.

Hope it helps!

from suitecrm-core.

carlitros900 commented on August 10, 2024

Found this issue with an 8.4 fresh install, and also before when upgrading from a 7.4 to an 8.4.

Maybe the problem is in my Apache setup but it seems that the CSRF token is submitted from the browser in a cookie, but not in a request header as expected by SuiteCRM.

So, I have configured Apache to copy the token from the cookie in the header.

    SetEnvIf Cookie "(^|;\ *)XSRF-TOKEN=([^;\ ]+)" MyCookieValue=$2
    RequestHeader set X-XSRF-TOKEN "%{MyCookieValue}e"

And this workaround worked for me.

from suitecrm-core.
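A caveat on the Apache workaround in the comment above, as an added example (not from the thread and not SuiteCRM's code): the browser attaches cookies by itself, so once the server copies the cookie into `X-XSRF-TOKEN`, the header no longer shows that the front end read the token. The sketch models the two Apache lines and a hypothetical server-side check `csrf_ok`; the token, cookie string and function names are constructed for illustration.

```python
import hmac
import re

# Pattern copied from the SetEnvIf line in the comment above.
COOKIE_RE = re.compile(r"(^|;\ *)XSRF-TOKEN=([^;\ ]+)")

TOKEN = "constructed-token-123"  # constructed sample value
COOKIES = f"PHPSESSID=abc; XSRF-TOKEN={TOKEN}"  # constructed sample cookies


def apply_workaround(headers):
    """Model SetEnvIf + 'RequestHeader set' for requests that carry the cookie."""
    out = dict(headers)
    match = COOKIE_RE.search(headers.get("Cookie", ""))
    if match:
        # 'set' replaces any X-XSRF-TOKEN value the client sent itself.
        out["X-XSRF-TOKEN"] = match.group(2)
    # Requests without the cookie are passed through; that case is not modelled.
    return out


def csrf_ok(headers, session_token):
    """Hypothetical server-side check: the header must carry the session's token."""
    sent = headers.get("X-XSRF-TOKEN", "")
    return hmac.compare_digest(sent, session_token)


def evaluate():
    app_request = {"Cookie": COOKIES, "X-XSRF-TOKEN": TOKEN}   # front end copied the token
    cookie_only = {"Cookie": COOKIES}                          # cookies attached, no header
    bad_header = {"Cookie": COOKIES, "X-XSRF-TOKEN": "wrong"}  # header does not match
    return {
        "app_request": csrf_ok(app_request, TOKEN),
        "cookie_only": csrf_ok(cookie_only, TOKEN),
        "bad_header": csrf_ok(bad_header, TOKEN),
        "cookie_only_rewritten": csrf_ok(apply_workaround(cookie_only), TOKEN),
        "bad_header_rewritten": csrf_ok(apply_workaround(bad_header), TOKEN),
    }


if __name__ == "__main__":
    for case, accepted in evaluate().items():
        print(f"{case:24} accepted={accepted}")
```

The two `_rewritten` cases are accepted even though the client never sent a matching header, which is why the rewrite is better treated as a diagnostic step than a permanent setting. The non-default `session.name` reported elsewhere in this thread is one underlying cause worth ruling out first.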

Chris8080 commented on August 10, 2024

@carlitros900 where exactly did you place these commands?

@TwizzX17 I've increased to 256 as well - but without any improvement.

@joho1968 I'm using the standard session config, but still the same problem.

Any other ideas on what to do here?

from suitecrm-core.

joho1968 commented on August 10, 2024

I don't really know what got it working, but 8.4.0 is working here now with PHP 8.1.23 on Ubuntu 22.04 LTS.

I have my DocumentRoot set to /var/www/suitecrm/public_html/public, i.e. the public folder of SuiteCRM.

The .htaccess file in the legacy subfolder has this: RewriteBase /legacy/

from suitecrm-core.

Chris8080 commented on August 10, 2024

@joho1968 Yes, same setup here - .htaccess is standard then.
Still, if I open URL/api/graphql I get the 403.

Any other ideas what you've changed from the standard?
Did you add any redirect rules?
How do you work with the API?
Just open it in the browser or do you use PHP / Python or anything?
Do you first have to authenticate to retrieve the token? Where is this endpoint and what are the parameters to authenticate?
(Sorry for all the questions - this is just frustrating without documentation from SalesAgility)

from suitecrm-core.

joho1968 commented on August 10, 2024

I don't think I've changed anything else. Maybe with the exception of PHP's session handling. I saw that a lot of session files were created, so I installed Redis and configured PHP-FPM like so:

[suitecrm.conf]

    env[TMP] = /tmp
    env[TMPDIR] = /tmp
    env[TEMP] = /tmp
    clear_env = yes
    php_admin_value[session.save_handler] = redis
    php_admin_value[session.save_path] = "tcp://127.0.0.1:6379"
    php_admin_value[sys_temp_dir_string] = "/tmp"

[php.ini]

    redis.session.locking_enabled=1
    redis.session.lock_retries=-1
    redis.session.lock_wait_time=10000

[Apache suitecrm.conf]

    <IfModule setenvif_module>
      SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

I'm not using the API. SuiteCRM ran into the issue itself while calling the API. So no external code was part of my problem, only SuiteCRM's internal code.

from suitecrm-core.

carlitros900 commented on August 10, 2024

@Chris8080 It is in the virtual host in the Apache configuration.
I have also found the non-standard session name issue.

from suitecrm-core.

Chris8080 commented on August 10, 2024

The internal SuiteCRM code works fine for me.
Settings are all more or less standard as well (including PHP sessions).
LAMP stack, fresh VPS, nothing special so far.
My problem is just the GraphQL API.

from suitecrm-core.
