After I have done the latest upgrade to Freepbx I can no longer peform any changes in my web admin portal. The error I get is
POTENTIAL SECURITY BREACH: an attempt was made to modify settings from a URL that did not come from a FreePBX page. This action has been blocked because the HTTP_REFERER does not match your current SERVER. If you require this access, you can set CHECKREFERER=false in amportal.conf to disable this security check
I have looked at the amportal.conf and I don’t see the checkreferer, so I can’t set it to true nor false.
How can I resolved this issues
You can add the following line to /etc/amportal.conf:
however, more importantly what are you trying to do exactly that is resulting in this error so we can make sure that there is not a bug in what has been implemented?
The new code, which is disabled by the above setting, simply checks to make sure that the HTTP REFERRER of any URL that results in changing something in FreePBX was generated by the GUI and not manually input into the URL or otherwise coming from elsewhere. (basically anything we an ‘action=xyz’ in the URL.)
As far as the above not being in your amportal.conf, that file is never updated from upgrades as it controls the state of your installation. When new parameters are added to FreePBX you will find them in SVN for future new installs, but existing configs will use default values unless you add them to your config.
After adding the CHECKREFERER=false in the amportal.conf everything seems to work just fine. I was just trying to simply removing and extension.
can you provide more details on how you were trying to remove the extension? And what browser you are using as well as if you have any plugins that might be omitting the HTTP_REFFERER?
check for a new version of framework, it should fix the issue