ajax call from within plugin forbidden

[jimlongo]

I am trying to make an AJAX call within my plugin and receive the following error.

=====
HTTP error 403
cgi/Tcs/Controller/LogsController.php
WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon with the /usr/local/cpanel/bin/register_appconfig script (Guide to WHM Plugins - The AppConfig System - Developer Documentation - cPanel Documentation), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to the /var/cpanel/cpanel.config file, and run the /usr/local/cpanel/etc/init/startcpsrvd script.
=====

Since this is a public plugin the Tweak Settings or cpanel.config file options are really not an option. (don't want to have to ask users to jump through hoops to use plugin)

The plugin is registered with appconfig. This is the config file.

#The service in which to serve the application: cpanel - cPanel, whostmgr - WHM, webmail - Webmail
service=whostmgr

#whm url
entryurl=xyz/index.php

#app location
url=/cgi/xyz/index.php

acls=any
displayname=XYZ Services
icon=xyz.png
target=_self



name=XYZ-WHM-Plugin

I've tried using a csfr token in the AJAX call, but haven't been able to get that to work.

Anybody have any insight here?

Thanks.

 

[cPRex]

Hey there! If you do run the app registration command, what output do you receive?

/usr/local/cpanel/bin/register_appconfig ./example.conf

If that works correctly, you should get confirmation that the app was registered and data will be written to the /var/cpanel/apps/ directory automatically. Can you confirm that portion is working well?

 

[jimlongo]

Thank you. I think I may have abandoned the AJAX call, but in the spirit of helping someone else.

My install script runs

$~ /usr/local/cpanel/bin/register_appconfig InstallFiles/xyz-WHM-Plugin.conf
$~ xyz-WHM-Plugin registered

But when I run your suggested check I get

$~ /usr/local/cpanel/bin/register_appconfig ./xyz-WHM-Plugin.conf
$~ The 'conf_file' must be readable and a plain file.

$~ ll /var/cpanel/apps/
total 16
-rw------- 1 root root 586 Dec  4  2017 cmc.conf
-rw------- 1 root root 644 Nov 11 11:32 csf.conf
-rw------- 1 root root 644 Nov 12 03:31 imunify-antivirus.conf
-rw------- 1 root root 300 Dec 10 10:08 xyz-WHM-Plugin.conf

 

[cPRex]

Just for fun, could you try with the full path like this? I've seen that cause issues in the past:

/usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/youraddon.conf

 

[jimlongo]

Yes, thanks.

$~ /usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/xyz-WHM-Plugin.conf
xyz-WHM-Plugin registered

 

[cPRex]

After doing that, does that get things working better for you or are there still issues?

 

[jimlongo]

Well unfortunately as I said i've abandoned the hope of using an AJAX call, and instead just used a form submit with a page refresh.
But this was always the case, the plugin was always registered, so i'm just confused why I was getting the original 403 error when trying to do an AJAX call.

Can you not do AJAX calls inside a registered app?

 

[cPRex]

I don't see why you *wouldn't* be able to as our own uapi does use those calls, but I don't see anything in our documentation specifically about ajax related to appconfig.

If you could put in a ticket and provide some code examples we may be able to get you some additional details.

 

[gnusys]

Please add all the URL's in the conf file for the app. include the target script the Ajax call is using too here

url1=/cgi/xyz/abc.php
url2=/cgi/xyz/bcd.php

etc

Ajax calls do work on the WHM plugin as I have used it in multiple places on a WHM plugin.I can confirm that