You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When setting allowedGraphqlOrigins to false form submissions crash.
Steps to reproduce
Create a form (set up like any other form)
Set allowedGraphqlOrigins to false in general.php
Submit a form that has CSRF
Expected behavior
Form gets submitted
Craft & Plugin Info (please complete the following information):
Craft Version: 4.7.3
Freeform Version: 4.1.13
Freeform Edition: Pro
Fresh Install or Upgrade: fresh or upgrade wouldn't make a difference here.
Additional context
I am fairly sure I know where the issue resides, in SubmitController:96 the line $origins = $generalConfig-allowedGraphqlOrigins is set.
Then later it is passed in the corsFilter through $event->getHeaders()
Yii2 framework later does an in_array() check, but the value is still false here.
Resulting in in_array(): Argument #2 ($haystack) must be of type array, bool given on vendor/yiisoft/yii2/filters/Cors.php::prepareHeaders
I'd submit a PR but I currently am short on time to properly test this, I suggest checking the cases where the config is set to false, and possibly also null.
The text was updated successfully, but these errors were encountered:
When setting allowedGraphqlOrigins to false form submissions crash.
Steps to reproduce
Expected behavior
Form gets submitted
Craft & Plugin Info (please complete the following information):
Additional context
I am fairly sure I know where the issue resides, in SubmitController:96 the line
$origins = $generalConfig-allowedGraphqlOrigins
is set.Then later it is passed in the corsFilter through
$event->getHeaders()
Yii2 framework later does an in_array() check, but the value is still false here.
Resulting in
in_array(): Argument #2 ($haystack) must be of type array, bool given
onvendor/yiisoft/yii2/filters/Cors.php::prepareHeaders
I'd submit a PR but I currently am short on time to properly test this, I suggest checking the cases where the config is set to false, and possibly also null.
The text was updated successfully, but these errors were encountered: