CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

The action you have requested is not allowed.

pierrepierre
edited August 2017 in Modules
hi,
in a simple module, i set a field like this :
class Spectacle_fields extends Base_model_fields(){
[...]
$this->set('slide', array(
'type' => 'template',
'display_label' => FALSE,
'label' => 'Slider',
'add_extra' => FALSE,
'repeatable' => TRUE,
'title_field' => 'slide',
'fields' =>
array(
'fichier' => array(
'type' => 'asset',
'label' => 'fichier',
'folder' => 'images/images-spectacles/',
),
'alter' => array(
'type' => "input",
),
'classe' => array(
'type' => "input",
),
),

));
[...]
}
in the model i wrote :
class Spectacles_model extends Base_module_model
{
[...]
public $serialized_fields = array('slide');
[...]
}

i can upload the asset (it is in the right place in assets folder), i see the thumbnail, but when i try to save the record it throw a error :"The action you have requested is not allowed."

Everything works great when i use "select image" button...

what do i wrong ?

thank you for any idea.

Comments

  • almostcompletelyalmostcompletely
    edited 2:59AM
    "The action you have requested is not allowed" relates to CSRF security supported by CodeIgniter. How did you create the upload form (manually or using Fuel Form functions)? Check your CSRF settings in config.php
  • pierrepierre
    edited 2:59AM
    thank you for your response.
    i use Fuel Form Functions.
    you're right : it was related with CSRF security.
    i set :
    $config['csrf_protection'] = TRUE;
    $config['csrf_token_name'] = 'csrf_test_name';
    $config['csrf_cookie_name'] = 'csrf_cookie_name';
    $config['csrf_expire'] = 7200;
    $config['csrf_regenerate'] = TRUE;
    $config['csrf_exclude_uris'] = array('backoffice/.*');

    and now it works !
    thank you again. have a nice day.
Sign In or Register to comment.