Categories

  • Get help with your FOG system.
    FOG Problems Hardware Compatibility Windows Problems Linux Problems Mac Problems General Problems
    12k Topics
    114k Posts
    rogalskijR

    @Clebboii A workaround that always worked for me that was recommended by Tom was to use the full DNS name rather than the IP address. I was initially logging into the UI through the IP, and found that very same issue. When he mentioned it and I started using the full DNS name, the issue went away.

  • Get the latest news on what's happening.
    Security Advisories
    184 Topics
    825 Posts
    A

    @Tom-Elliott I really appreciate that you are putting effort into providing more frequent releases, which makes it easier for everyone to deploy new security fixes in time. Keep up the good work!

  • View tutorials or talk about FOG in general.
    General Tutorials
    2k Topics
    19k Posts
    A

    @george1421 I see now and you’re right as my clients are all legacy boot/BIOS boot non UEFI and would not benefit from the client-arch examination.

    I’ve already declarations set for each host in my dhcpd.conf file in terms if MAC to IP and so adding another field of filename “some boot loader file” won’t be impossible.

    Thanks you for this exercise as I’ve learned some very important things here.

  • Report bugs, request features, or get the latest progress.
    General Feature Request Bug Reports
    2k Topics
    21k Posts
    Tom ElliottT

    @mrowand The whole point of the checkAuthAndCSRF is to prevent unauthorized access. Based on the message I’m seeing, the 403 forbidden is happening because it’s crossing origin to get the data or the CSRF token isn’t passing correctly:

    Here’s the code that validates:

    // Optional defense-in-depth: Origin/Referer check for state-changing requests public static function checkOrigin(array $allowedOrigins): void { $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET'); if (!in_array($method, ['POST','PUT','PATCH','DELETE'], true)) { return; } $origin = $_SERVER['HTTP_ORIGIN'] ?? null; $referer = $_SERVER['HTTP_REFERER'] ?? null; if ($origin) { foreach ($allowedOrigins as $allowed) { if (stripos($origin, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Origin)'); exit; } elseif ($referer) { foreach ($allowedOrigins as $allowed) { if (stripos($referer, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Referer)'); exit; } // If neither header is present, you can decide to be strict or lenient. // Often lenient to avoid breaking weird client setups. }

    I suspect your console has more information leading to the specific error that was hit.

    ultimately the code is working as expected and there’s something in your environment causing the issue. Now, to be fair, you said you installed Stable, and Dev-branch has a fix of which I admit I missed.

    If you’re willing/able to install the dev-branch I suspect you’ll see this is working much better.

193

Online

12.3k

Users

17.4k

Topics

155.8k

Posts