[BlueOnyx:24936] Re: WHMCS & API CSRF issue - fixed
Fungal Style
wayin at hotmail.com
Wed Apr 28 20:04:58 -05 2021
Hi Michael, sounds good, will see if I can test over the weekend.
Thank you again for your hard work and dedication.
Brian
On 29/4/21, 9:09 am, "Blueonyx on behalf of Michael Stauber" <blueonyx-bounces at mail.blueonyx.it on behalf of mstauber at blueonyx.it> wrote:
Hi Brian,
> From WHMCS, select to open the BO gui, upon entering the credentials,
> it fails with a CSRF message
This has just been fixed in a two-part fix:
Updated base-alpine-* and base-api-* RPMs have been released for
BlueOnyx 5209R, BlueOnyx 5210R and Aventurin{e} 6109R.
Additionally the WHMCS modules for BlueOnyx and Aventurin{e} have been
updated. The updated versions are available here:
https://devel.blueonyx.it/pub/BlueOnyx/TAR/
Logins from WHMCS (backend as well as customer portal) no longer go to
/login, but to /api/apilogin instead. That URL has been excluded from
the CSRF-protection if accessed from your WHMCS instance while the API
itself is enabled.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list