Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Action you have requested is not allowed error

I made a module named Gallery which works fine on my localhost with version 2.0.3, but when using version 2.1.0 on a remote site I can not submit a form and I get the error:

The action you have requested is not allowed.

Why is this?

like image 510
Faruk Omar Avatar asked Apr 30 '12 12:04

Faruk Omar


2 Answers

It is a Codeigniter error related to the CSRF protection. You can cancel it in cms/config/config.php

like image 127
Yan Berk Avatar answered Sep 18 '22 02:09

Yan Berk


I agree with @Jhourlad Estrella on fixing the problems instead of disabling a security feature, however I feel that the real problem is with the hidden input field that holds the token.

Instead of using plain HTML to create a form element use the the form_open() and form_close() helper functions. The reason why is because when you use the helper function it automatically inserts the csrf token as a hidden field in the form.

You could do this manually as well by adding the token as a hidden input field in the form

<input type="hidden" name="csrf_hash_name" value="your-hash-value-here">

Doing it this way will allow you to stay protected from CSRF attacks and fix the problem you are having.

Hope this helps someone else out there as this was driving me nuts the first time figuring this out.

like image 38
JoeMoe1984 Avatar answered Sep 20 '22 02:09

JoeMoe1984