csrf sugarcrm

SugarCRM 8 XSRF


I have a backup of an on-demand instance of SugarCRM version 8.0.0 Enterprise Edition.

It works normally for CRUD on records and other stuff, but when I try to upload a module via Zip it gives me the following error:

Cross Site Request Forgery (XSRF) Attack Detected

Form authentication failure (Administration -> UpgradeWizard). Contact your administrator.

I've tried the following article: Troubleshooting Cross-Site Forgery Messages

But the problem still persists. The problem only occurs for BWC modules IMO.


Solution

  • EDIT: Before trying this work-around, check if you have the HTTP referer header disabled in your web browser, as that might be the reason for having the described problem in the first place.

    If this is a local test/dev-instance you might want to add

    // config_override.php: log form CSRF failures instead of aborting the action
    $sugar_config['csrf']['soft_fail_form'] = true;
    

    to your $sugar_config in config.php or config_override.php. That should cause the error to be logged only instead of aborting the action.

    Note: This works on Sugar 7.9. I have yet to test it on 8.0.

    Source: https://community.sugarcrm.com/community/developer/blog/2017/10/11/upcoming-security-changes-to-sugar