Fixing VTiger "Illegal request" for links from other domains
Problem
You’ve got a link to your VTiger installation from another domain, but any time you open it, you get an "Illegal request" error message, even though you are logged in correctly.
Solution
The reason for this error message is that vtiger validates the Referer header (i.e. the source URL of the request) as a protection layer against certain security issues, for example CSRF (cross-site request forgery). We will disable the referer check. Be sure to understand the implications before you do as suggested: with the check disabled, vtiger no longer rejects requests from logged-in users whose Referer points to another site.
Disabling involves only editing a single code line. I tested this with VTiger 6.5.0, but likely only minor adjustments have to be made for other versions.
Steps to fix:
- Open <your vtiger directory>/includes/http/Request.php in a text editor
- In the editor, search for Illegal request. You will see a code block like this:
Request.php

    protected function validateReferer() {
        $user = vglobal('current_user');
        // Referer check if present - to over come
        if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
            global $site_URL;
            if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
                throw new Exception('Illegal request');
            }
        }
        return true;
    }

- Comment out throw new Exception('Illegal request'); with // (results in //throw new Exception('Illegal request');)
- The code block should now look like this:
Request.php

    protected function validateReferer() {
        $user = vglobal('current_user');
        // Referer check if present - to over come
        if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
            global $site_URL;
            if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
                //throw new Exception('Illegal request');
            }
        }
        return true;
    }

- Save the file
- The fix should take effect immediately; if it does not, restart your webserver.
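
A narrower alternative to commenting out the exception, shown as an added example that is not part of the original post or of vtiger's code: keep the Referer check, but accept an explicit list of trusted origins in addition to the site's own. The function names, the allowlist and the example hosts are hypothetical, and the comparison is on origin (scheme, host, port) only, not on the path part of $site_URL.

```php
<?php
// Added example, not vtiger code: an origin allowlist for the Referer check.
// originOf(), isRefererAllowed() and all hosts below are hypothetical.

/** Reduce a URL to "scheme://host[:port]", lower-cased; null if unparseable. */
function originOf(string $url): ?string {
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $origin = strtolower($p['scheme']) . '://' . strtolower($p['host']);
    return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
}

/**
 * True if the Referer is absent (the original check also skips that case),
 * or if its origin equals the site's own origin or a trusted origin.
 */
function isRefererAllowed(?string $referer, string $siteUrl, array $trusted): bool {
    if ($referer === null || $referer === '') {
        return true;
    }
    $origin = originOf($referer);
    if ($origin === null) {
        return false; // malformed Referer: reject
    }
    // Exact origin comparison instead of a string-prefix match.
    $allowed = array_filter(array_map('originOf', array_merge([$siteUrl], $trusted)));
    return in_array($origin, $allowed, true);
}

// Constructed sample values for illustration.
$siteUrl = 'https://crm.example.com/vtiger/';
$trusted = ['https://intranet.example.com'];
$samples = [
    'https://crm.example.com/vtiger/index.php?module=Contacts', // own site
    'https://intranet.example.com/wiki/customers',              // trusted origin
    'https://crm.example.com.other.example/page',               // different host sharing a prefix
    'https://unrelated.example/',                               // not on the list
];
foreach ($samples as $referer) {
    $verdict = isRefererAllowed($referer, $siteUrl, $trusted) ? 'allow' : 'reject';
    printf("%-58s %s\n", $referer, $verdict);
}
```

Run from the command line, the first two sample referers print allow and the last two print reject. In validateReferer(), the exception would then be thrown only when such a function returns false, so links from the listed origins work while other cross-site requests are still refused.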