An Error Was Encountered The action you have requested is not allowed.

[Daniel Crawley]

After the best part of the day trying to set up agenDav, I am getting the below error when trying to log in...

An Error Was Encountered

The action you have requested is not allowed.

I am only getting the below in the logs after enabling DEBUG logs

DEBUG - 2015-07-30 12:36:42 --> Config Class Initialized

DEBUG - 2015-07-30 12:36:42 --> Hooks Class Initialized

DEBUG - 2015-07-30 12:36:42 --> Utf8 Class Initialized

DEBUG - 2015-07-30 12:36:42 --> UTF-8 Support Enabled

DEBUG - 2015-07-30 12:36:42 --> URI Class Initialized

DEBUG - 2015-07-30 12:36:42 --> Router Class Initialized

DEBUG - 2015-07-30 12:36:42 --> Output Class Initialized

DEBUG - 2015-07-30 12:36:42 --> Security Class Initialized

DEBUG - 2015-07-30 12:36:42 --> Input Class Initialized

DEBUG - 2015-07-30 12:36:42 --> XSS Filtering completed

DEBUG - 2015-07-30 12:36:42 --> XSS Filtering completed

DEBUG - 2015-07-30 12:36:42 --> XSS Filtering completed

DEBUG - 2015-07-30 12:36:42 --> XSS Filtering completed

I can't see to figure out what the problem is, I am running apache on Windows and agenDav version 1.2.6.2

Please help.

[Jorge López Pérez]

Hi Daniel,

On Thu, Jul 30, 2015, at 13:40, Daniel Crawley wrote:

> The action you have requested is not allowed.

This seems to be a CSRF error. Have a look at this thread:
https://groups.google.com/forum/#!searchin/agendav-general/csrf/agendav-general/q9sa0qgFwVM/uEuy4s9SahEJ
.

It's usually caused by wrong session/cookies settings inside your
config.php file, so you should check them. Make sure that cookie_domain
(http://docs.agendav.org/en/1.2.6.2/admin/configuration/#confval-cookie_domain)
contains the same hostname that you are pointing your browser to.

Best regards.

--
Jorge López Pérez
http://adobo.org

[Daniel Crawley]

Thanks for taking the time Jorge, however, I read that post earlier today and have played with these settings but still I cant seem to make anything work.

[Daniel Crawley]

If I attempt to log in on the local machine I get the below error in console

the server responded with a status of 500 (Internal Server Error)

[Jorge López Pérez]

Hi Daniel,

On Thu, Jul 30, 2015, at 15:13, Daniel Crawley wrote:

> Thanks for taking the time Jorge, however, I read that post earlier today
> and have played with these settings but still I cant seem to make
> anything
> work.

Can you show us your config.php? base_url and cookie* are the most
important settings.

[Daniel Crawley]

Sure, I have pasted config.php below, I have now removed the url from the cookie as it I have trie d a few different things there, none o which seemed to make a difference. I presume that I have the base url correct as all the images and css load for the login page. Please bear in mind that I don't have an actual domain for this server yet so I am visiting it through the ip address.

Thanks again for any help!

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

// Advanced options which you should not need to modify

require_once('advanced.php');

// Defaults

require_once('defaults.php');

/*

|--------------------------------------------------------------------------

| Base Site URL

|--------------------------------------------------------------------------

|

| URL to your CodeIgniter root. Typically this will be your base URL,

| WITH a trailing slash:

|

| http://example.com/

|

| If this is not set then CodeIgniter will guess the protocol, domain and

| path to your installation.

|

*/

$config['base_url'] = 'http://178.159.11.234/';

/*

|--------------------------------------------------------------------------

| Categories of log messages which will get logged

|--------------------------------------------------------------------------

|

| Specify which types of log lines should be written to disk. Possible

| values are:

|

|  * ERROR: error messages, recommended

|  * INFO: informational messages, recommended

|  * AUTHERR: authentication errors

|  * AUTHOK: successful authentications

|  * INTERNALS: AgenDAV internal processing actions, do not use unless you

|               are having problems or you want to debug AgenDAV

|  * DEBUG: CodeIgniter internal debug. Do not enable unless you know what

|           you're doing

*/

$config['show_in_log']= array('ERROR','INFO','AUTHERR', 'AUTHOK'); 

/*

|--------------------------------------------------------------------------

| Error Logging Directory Path

|--------------------------------------------------------------------------

|

| Use a full server path with trailing slash.

|

*/

$config['log_path'] = 'C:\\Hosting\\www\\web\\calendar\\agendav-1.2.6.2\\logs\\';

/*

|--------------------------------------------------------------------------

| Encryption Key

|--------------------------------------------------------------------------

|

| If you use the Encryption class or the Session class you

| MUST set an encryption key.  See the user guide for info.

|

*/

$config['encryption_key'] = 'ASasdkdkdk';

/*

|--------------------------------------------------------------------------

| Cookie Related Variables

|--------------------------------------------------------------------------

|

| 'cookie_prefix' = Set a prefix if you need to avoid collisions

| 'cookie_domain' = Set to .your-domain.com for site-wide cookies

| 'cookie_path'   =  Typically will be a forward slash

| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.

|

*/

$config['cookie_prefix'] = "";

$config['cookie_domain'] = "";

$config['cookie_path'] = "/";

$config['cookie_secure'] = FALSE;

/*

|--------------------------------------------------------------------------

| Reverse Proxy IPs

|--------------------------------------------------------------------------

|

| If your server is behind a reverse proxy, you must whitelist the proxy IP

| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR

| header in order to properly identify the visitor's IP address.

| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'

|

*/

$config['proxy_ips'] = '';

/*

|--------------------------------------------------------------------------

| Application title

|--------------------------------------------------------------------------

|

| To be shown in page titles and some other places

|

*/

$config['site_title'] = 'Calendar web access for My Company LTD';

/*

|--------------------------------------------------------------------------

| Logo

|--------------------------------------------------------------------------

|

| Filename from public/img

|

*/

$config['logo'] = 'agendav_100transp.png';

/*

|--------------------------------------------------------------------------

| Footer message

|--------------------------------------------------------------------------

|

| Text to be shown in footer

|

*/

$config['footer'] = 'My Company LTD';

/*

|--------------------------------------------------------------------------

| URL to redirect after logging out

|--------------------------------------------------------------------------

|

| Leave empty if you want to redirect to login page

|

*/

$config['logout_redirect_to'] = '';

/*

|--------------------------------------------------------------------------

| Additional static JavaScript files

|--------------------------------------------------------------------------

|

| Files have to be placed inside public/js

|

| Useful for programmatically adding events via Fullcalendar

|

*/

$config['additional_js'] = array();

/*

|--------------------------------------------------------------------------

| Show public CalDAV in calendar edit form

|--------------------------------------------------------------------------

|

| Set this to true if you want to show public CalDAV URLs in calendar edit

| form

|

*/

$config['show_public_caldav_url'] = TRUE;

/*

|--------------------------------------------------------------------------

| Default Language

|--------------------------------------------------------------------------

|

| This determines which language should be used by default. Make sure

| there is an available translation if you intend to use something other

| than en.

|

*/

$config['default_language'] = 'en';

/*

|--------------------------------------------------------------------------

| Default time format

|--------------------------------------------------------------------------

|

| This determines which time format should be used by default. You can choose

| between 12 and 24 hours time format

*/

$config['default_time_format'] = '24';

/*

|--------------------------------------------------------------------------

| Default date format

|--------------------------------------------------------------------------

|

| This determines which date format should be used by default in forms.

| Dates will be formatted anywhere else as stated in format_full_date

| option.

| You can choose any of the following values:

|

| * ymd : YYYY-month-day will be used

| * dmy: day-month-YYYY will be used

| * mdy: month-day-YYYY will be used

*/

$config['default_date_format'] = 'ymd';

/*

|--------------------------------------------------------------------------

| Readable date format (strftime)

|--------------------------------------------------------------------------

|

| This determines which date format should be used by default when showing a

| date. It's not used in forms.

|

| Requires strftime syntax (http://php.net/strftime)

|

| Some examples:

|

|  * %a %e %B %Y : Mon 5 March 2012

|  * %a %e de %B de %Y : Lun 5 de marzo de 2012 (great for es_ES)

*/

$config['format_full_date'] = '%a %e %B %Y';

/*

|--------------------------------------------------------------------------

| Calendar titles and columns date formats

|--------------------------------------------------------------------------

|

| Following options control how the web calendar should format dates on

| titles and columns for each type of view

|

| Requires own Fullcalendar syntax

| (http://arshaw.com/fullcalendar/docs/utilities/formatDate/)

|

*/

$config['format_column_month'] = 'ddd'; 

$config['format_column_week'] = 'ddd d'; 

$config['format_column_day'] = 'ddd d MMMM'; 

$config['format_column_table'] = 'MMM d, yyyy';

$config['format_title_month'] = 'MMMM yyyy';

$config['format_title_week'] = "MMM d[ yyyy]{ '&#8212;'[ MMM] d yyyy}";

$config['format_title_day'] = 'dddd, MMM d yyyy';

$config['format_title_table'] = 'dddd, MMM d yyyy';

/*

|--------------------------------------------------------------------------

| Default first day of week

|--------------------------------------------------------------------------

|

| This determines which day should be first of week.

|

| 0 means Sunday, 1 means Monday and so on

*/

$config['default_first_day'] = 0;

/*

|--------------------------------------------------------------------------

| Default timezone

|--------------------------------------------------------------------------

|

| This determines which timezone should be used by default

|

| Please, use a valid timezone from http://php.net/timezones

*/

$config['default_timezone'] = 'Europe/Madrid';

/*

|--------------------------------------------------------------------------

| Color list

|--------------------------------------------------------------------------

|

| Background colors. Foreground color are calculated by clients

|

*/

$config['calendar_colors'] = array(

'D4EAEF',

'3A89C9',

'107FC9',

'FAC5C0',

'FF4E50',

'BD3737',

'C9DF8A',

'77AB59',

'36802D',

'F8F087',

'E6D5C1',

'3E4147',

);

/* End of file config.php */

/* Location: ./application/config/config.php */

[Jorge López Pérez]

Hi Daniel,

On Fri, Jul 31, 2015, at 09:10, Daniel Crawley wrote:
> Please bear in mind that
> I
> don't have an actual domain for this server yet so I am visiting it
> through
> the ip address.

This seems to be the problem. Browsers tend to do weird things when
setting cookies on naked IP URLs.

Fortunately you don't need a real domain to use a hostname to connect to
your machine. You can set up a fake hostname (e.g.
'agendav.mymachine.com') pointing to your local address by modifying
your machine hosts file. See https://en.wikipedia.org/wiki/Hosts_(file)
to know where it can be found.

Don't forget to update base_url and cookie_domain to reflect your new
hostname.

[Daniel Crawley]

Thanks Jorge, I will give that a go and get back to you.

[Daniel Crawley]

Still not working :(  Doesn't seem to have made any difference.

I am calling the login from this url ... http://domain.com/web/calendar/agendav-1.2.6.2/web/public/index.php

and my config.php is pasted below, I also tried cookie_domain without the preceding period

Enter code here...<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

// Advanced options which you should not need to modify

require_once('advanced.php');

// Defaults

require_once('defaults.php');

/*

|--------------------------------------------------------------------------

| Base Site URL

|--------------------------------------------------------------------------

|

| URL to your CodeIgniter root. Typically this will be your base URL,

| WITH a trailing slash:

|

| http://example.com/

|

| If this is not set then CodeIgniter will guess the protocol, domain and

| path to your installation.

|

*/

$config['base_url'] = 'http://domain.com/web/calendar/agendav-1.2.6.2/web/public';

/*

|--------------------------------------------------------------------------

| Categories of log messages which will get logged

|--------------------------------------------------------------------------

|

| Specify which types of log lines should be written to disk. Possible

| values are:

|

|  * ERROR: error messages, recommended

|  * INFO: informational messages, recommended

|  * AUTHERR: authentication errors

|  * AUTHOK: successful authentications

|  * INTERNALS: AgenDAV internal processing actions, do not use unless you

|               are having problems or you want to debug AgenDAV

|  * DEBUG: CodeIgniter internal debug. Do not enable unless you know what

|           you're doing

*/

$config['show_in_log']= array('ERROR','INFO','AUTHERR', 'AUTHOK', 'INTERNALS','DEBUG'); 

$config['cookie_domain'] = ".domain.com";

$config['cookie_path'] = "/";

$config['cookie_secure'] = FALSE;

/*

|--------------------------------------------------------------------------

| Reverse Proxy IPs

|--------------------------------------------------------------------------

|

| If your server is behind a reverse proxy, you must whitelist the proxy IP

| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR

| header in order to properly identify the visitor's IP address.

| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'

|

*/

$config['proxy_ips'] = '';

/*

|--------------------------------------------------------------------------

| Application title

|--------------------------------------------------------------------------

|

| To be shown in page titles and some other places

|

*/

$config['site_title'] = 'Weathersafe Calendar';

/*

|--------------------------------------------------------------------------

| Logo

|--------------------------------------------------------------------------

|

| Filename from public/img

|

*/

$config['logo'] = 'agendav_100transp.png';

/*

|--------------------------------------------------------------------------

| Footer message

|--------------------------------------------------------------------------

|

| Text to be shown in footer

|

*/

$config['footer'] = 'Weathersafe';

On Friday, 31 July 2015 08:38:48 UTC+1, Jorge Lopez wrote:

[Jorge López Pérez]

Hi Daniel,

On Fri, Jul 31, 2015, at 10:05, Daniel Crawley wrote:
> Still not working :( Doesn't seem to have made any difference.
>
> I am calling the login from this url
> ... http://domain.com/web/calendar/agendav-1.2.6.2/web/public/index.php

You made two changes at the same time: you changed both the hostname and
the path to the application, so now we don't know if the hostname change
had the desired effect :-P

> $config['base_url'] =
> 'http://domain.com/web/calendar/agendav-1.2.6.2/web/public';

By the way, note that your base_url is missing the trailing slash.

To discard any other problems, my advice is to set up AgenDAV on the
document root (http://domain.com/) and use the correct settings inside
config.php (base_url = http://domain.com/, cookie_domain = domain.com
and so on). Then I'd clear the browser cache and try again.