Fixing VTiger "Illegal request" for links from other domains

Problem:

You’ve got a link to your VTiger installation from another domain, but any time you open it, you get an Illegal request error message, even though you are logged in correctly.

Solution:

The reason for this error message is that vtiger validates the Referer (i.e. source URL of the request) as a protection layer against certain security issues, for example CSRF (cross-site request forgery). We will disable the referer check. Be sure to understand the implications before you do as suggested.

Disabling involves only editing a single code line. I tested this with VTiger 6.5.0, but likely only minor adjustments have to be made for other versions.

Steps to fix:

protected function validateReferer() {
$user=  vglobal('current_user');
        // Referer check if present - to over come 
        if (isset($_SERVER['HTTP_REFERER']) && $user) {//Check for user post authentication.
                global $site_URL;
                if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
                        throw new Exception('Illegal request');
                }
        }
        return true;
}
 
protected function validateReferer() {
$user=  vglobal('current_user');
        // Referer check if present - to over come 
        if (isset($_SERVER['HTTP_REFERER']) && $user) {//Check for user post authentication.
                global $site_URL;
                if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
                        //throw new Exception('Illegal request');
                }
        }
        return true;
}