I'm encountering a "403 Access Forbidden by CSRFProtector!" error while attempting to authorize the API. Below is the content of my csrfp.config.php file.
```php
<?php
/**
 * Configuration file for CSRF Protector
 */
return array(
    "CSRFP_TOKEN" => "7e637*********ed10876f3",
    "logDirectory" => "../log",
    "failedAuthAction" => array(
        "GET" => 0,
        "POST" => 0),
    "errorRedirectionPage" => "",
    "customErrorMessage" => "",
    "jsPath" => "../js/csrfprotector.js",
    "jsUrl" => "http://teampass.domain.local/includes/libraries/csrfp/js/csrfprotector.js",
    "tokenLength" => 50,
    "cookieConfig" => array(
        "expire" => '',
        "path" => '',
        "domain" => '',
        "secure" => true,
        "httponly" => true,
        "samesite" => "Lax", // None || Lax || Strict
    ),
    // Inner double quotes are escaped so the string literal parses.
    "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
Cross-Site Request Forgeries attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
See details of your web browser for how to enable JavaScript.",
    "verifyGetFor" => array("type=duo_check", "upload.attachments.php", "upload.files.php", "type=ga_generate_qr")
);
```
Teampass version: 3.1.2.29
PHP version: 8.2.7
I'm using the following command to authorize the API:
```
curl -L -X POST \
```
docker-compose.yaml
```yaml
version: "3"
services:
  nginx:
    image: jwilder/nginx-proxy:alpine
    container_name: tp_nginx
    restart: unless-stopped
    networks:
      - frontend
      - backend
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
  teampass-web:
    image: dormancygrace/teampass:latest
    container_name: tp_web
    restart: unless-stopped
    environment:
      VIRTUAL_HOST: teampass.domain.local
      VIRTUAL_PORT: 80
    volumes:
      - /var/tp:/var/www/html
    networks:
      - teampass-internal
      - backend
    depends_on:
      - db
  db:
    restart: unless-stopped
    image: yobasystems/alpine-mariadb:latest
    ports:
      - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: xxx
      MYSQL_DATABASE: teampass
      MYSQL_PASSWORD: xxxx
      MYSQL_USER: teampass
    volumes:
      - /var/tp-db:/var/lib/mysql
    networks:
      - teampass-internal
networks:
  frontend:
  backend:
    external: true
  teampass-internal:
```