Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming [solved] a3m Yahoo problem - The action you have requested is not allowed.
[solved] a3m Yahoo problem - The action you have requested is not allowed.
  • El Forum
    Guest
  •  
#1
03-18-2012, 04:54 AM

[eluser]boltsabre[/eluser]
Hi guys,

I've just installed a3m into my existing development project, and after some tweaking an and tinkering I've managed to get it all working, apart from the Yahoo login.

When I try to sign in with my Yahoo account, I get the following javascript pop-up, callback URL, and error message:

JS pop-up
Code:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

Callback URL
Code:
http://www.myvirtualdomain.com/account/connect_yahoo?janrain_nonce=2012-03-18T11:48:24ZMSsIVZ
(above url getting re-configured by this message system, the above two colons : are actually percentage % symbols).

Error message/page on my site after the callback.
Code:
An Error Was Encountered

The action you have requested is not allowed.

It is successfully logging me into Yahoo (if I'm not already logged in), or if I am already logged in I still get the same process of JS pop-up, callback URL, and Error page on my site.

I've already enabled $_GET in my config file using:
Code:
$config['allow_get_array'] = TRUE;

Anyone got any ideas what might be going on here???
  • El Forum
    Guest
  •  
#2
03-18-2012, 05:11 AM

[eluser]Noobigniter[/eluser]
Yop,

Maybe a way ...

JS pop-up: you use http and not https.

The action you have requested is not allowed:

if $config['csrf_protection'] = TRUE; you must use form_open() to include so that the csrf.
  • El Forum
    Guest
  •  
#3
03-18-2012, 10:28 AM

[eluser]boltsabre[/eluser]
Well, I'm still no closer to finding the issue...

It's not CSRF as I've tested with it set to false (and true) with no difference in behavior.

I realised, that considering I've enabled $_GET, I had some missing permitted_uri_chars in my config file, it now looks like this:

Code:
$config['permitted_uri_chars'] = 'a-z 0-9_\-%=?:';

But still I get the error message. Anyone got any ideas (and thanks Noobigniter for your input on CSRF)
  • El Forum
    Guest
  •  
#4
03-18-2012, 10:55 AM

[eluser]boltsabre[/eluser]
Ah, apologies @ Noobigniter, it was actually a CSRF thing, further down my config file I was resetting it back to TRUE (left over code from when I was testing some ajax functionality which I forgot to delete).


For anyone else who is having problems with their a3m and yahoo, this piece of code did the trick for me (it goes in your config file).
Code:
if(stripos($_SERVER["REQUEST_URI"],'/account/connect_yahoo') === FALSE)
{
    $config['csrf_protection'] = TRUE;
}
else
{
    $config['csrf_protection'] = FALSE;
}
  • El Forum
    Guest
  •  
#5
03-18-2012, 12:16 PM

[eluser]Noobigniter[/eluser]
Glad that you've put on the way. Smile




Theme © iAndrew 2016 - Forum software by © MyBB