@mrowand The whole point of the checkAuthAndCSRF is to prevent unauthorized access. Based on the message I’m seeing, the 403 forbidden is happening because it’s crossing origin to get the data or the CSRF token isn’t passing correctly:

Here’s the code that validates:

// Optional defense-in-depth: Origin/Referer check for state-changing requests public static function checkOrigin(array $allowedOrigins): void { $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET'); if (!in_array($method, ['POST','PUT','PATCH','DELETE'], true)) { return; } $origin = $_SERVER['HTTP_ORIGIN'] ?? null; $referer = $_SERVER['HTTP_REFERER'] ?? null; if ($origin) { foreach ($allowedOrigins as $allowed) { if (stripos($origin, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Origin)'); exit; } elseif ($referer) { foreach ($allowedOrigins as $allowed) { if (stripos($referer, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Referer)'); exit; } // If neither header is present, you can decide to be strict or lenient. // Often lenient to avoid breaking weird client setups. }

I suspect your console has more information leading to the specific error that was hit.

ultimately the code is working as expected and there’s something in your environment causing the issue. Now, to be fair, you said you installed Stable, and Dev-branch has a fix of which I admit I missed.

If you’re willing/able to install the dev-branch I suspect you’ll see this is working much better.

@ rodluz

Okay - So I got FOG working on my rocky 9.6 set up with a few caveats.

I had to do some work to get tftp and pxe to work correctly.

created a symlink from /var/lib/tftpboot > /tftpboot

enabled and started the tftp service manually - systemctl enable tftp & systemctl start tftp

then created a file in /etc/systemd/system/tftp.socket.d/override.conf (after making a director /tftp.socket.d and giving that file permissions) with the following code:

[Socket]
ListenDatagram=69

[Service]
ExecStart=
ExecStart=/usr/sbn/in.tftpf --foreground --secure /tftpboot

reloading the systemd service daemon - “systemctl daemon-reload” & “systemctl restart tftp.socket”

The server would then pxeboot at least BIOS at this point.

The Web UI currently seems to have php conflicts. I installed php-8.0.30-3 and the modules connected to this when installing the server. The web UI has a quirk on the FOG configuration page when you have a button for DefaultMember FOG Version: () it is not printing the version of FOG or the versions of bzimage or init.xz files and in checking using curl http://ip-address-of-server/fog/service/getversion.php - i ony see - 1.5.10.1698

here is a picture of the error

error.png

Dear Tom,

Thanks, and this is what I figured. At least I can pxe boot it and capture the image now, if I switch it to “AHCI/NVMe” mode, and switch back to “RAID” mode to boot the single NVMe drive.

I made this known so we can reach out to Dell and possibly have this changed as it actually doesn’t need this “RAID” mode.

Also we still have to disable secure boot on any computer either HP or Dell to get the pxe boot to work.

We did manage to use FOG to capture a RAID from an HPE DL380 Proliant Gen10 RAID controller and use that to load Windows Server 2022 now, so it does seem the kernel is the issue here on this intel motherboard RAID.

Regards,

Matt

@Tom-Elliott

Thanks Tom. Understood.

An Idea I had was programming this into the BIOS or requesting HP to make a BIOS/UFEI which has this feature of “channels”

Or using a boot file, such as with secure boot, but that would require HP or Dell or whichever PC manufacturer to make boot files for secure boot.

but this would be out of the scope of the project.

I do appreciate your input though.

Regards,

Matt

@Tom-Elliott

Thanks Tom.

I since went with 1.5.9 and was able to re-install the server with that, I did have to run the installer a few times to load all the missing packages.

I ended up putting the kernel, init files there manually. Then with the installer running and adding the --ignore fail switch installed the files that way.

Then I updated to the latest kernel in the FOG GUI so I have the latest kernel running as I need this for current HP Z2 G9 mini and small form factor computers.

This is running so I considered this solved.

Matt