nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

403 Access Forbidden by CSRFProtector #4148

Open shanima333 opened 2 months ago

shanima333 commented 2 months ago

Teampass version: 3.1.2.29
PHP version: 8.2.7

I'm encountering a "403 Access Forbidden by CSRFProtector!" error while attempting to authorize the API. Below is the content of my csrfp.config.php file.

```php
<?php

return array(
    "CSRFP_TOKEN" => "7e*637**ed10876f3",
    "logDirectory" => "../log",
    "failedAuthAction" => array(
        "GET" => 0,
        "POST" => 0),
    "errorRedirectionPage" => "",
    "customErrorMessage" => "",
    "jsPath" => "../js/csrfprotector.js",
    "jsUrl" => "http://teampass.domain.local/includes/libraries/csrfp/js/csrfprotector.js",
    "tokenLength" => 50,
    "cookieConfig" => array(
        "expire" => '',
        "path" => '',
        "domain" => '',
        "secure" => true,
        "httponly" => true,
        "samesite" => "Lax", // None || Lax || Strict
    ),
    "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> Cross-Site Request Forgeries attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you. See details of your web browser for how to enable JavaScript.",
    "verifyGetFor" => array("type=duo_check", "upload.attachments.php", "upload.files.php", "type=ga_generate_qr")
);
```

I'm using the following command to authorize the API:

```bash
curl -L -X POST \
  http://teampass.domain.local/api/index.php/authorize \
  -H 'Content-Type: application/json' \
  -d '{ "apikey": "K***x", "login": "test", "password": "8zY**" }'
```

docker-compose.yaml

```yaml
version: "3"
services:
  nginx:
    image: jwilder/nginx-proxy:alpine
    container_name: tp_nginx
    restart: unless-stopped
    networks:

networks:
  frontend:
  backend:
    external: true
  teampass-internal:
```

justin77x commented 2 months ago

Did you solve that?