[BlueOnyx:24935] Re: WHMCS & API CSRF issue - fixed
Michael Stauber
mstauber at blueonyx.it
Wed Apr 28 18:01:55 -05 2021
Hi Brian,
> From WHMCS, select to open the BO gui, upon entering the credentials,
> it fails with a CSRF message
This has just been fixed in a two-part fix:
Updated base-alpine-* and base-api-* RPMs have been released for
BlueOnyx 5209R, BlueOnyx 5210R and Aventurin{e} 6109R.
Additionally the WHMCS modules for BlueOnyx and Aventurin{e} have been
updated. The updated versions are available here:
https://devel.blueonyx.it/pub/BlueOnyx/TAR/
Logins from WHMCS (backend as well as customer portal) no longer go to
/login, but to /api/apilogin instead. That URL has been excluded from
the CSRF-protection if accessed from your WHMCS instance while the API
itself is enabled.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list