Focal Point
[SOLVED] Access Denied Error When Submitting Form via POST

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/5017044686

May 17, 2017, 12:05 PM
WFConsultant
[SOLVED] Access Denied Error When Submitting Form via POST
I have seen several examples of submitting form via POST. I see that many of you have confirmed its working. However, when I do this I am getting the following error. My sample works when I change to GET. Looks like some kind of setting in the configuration? Any help would be highly appreciated.

403 - Access Denied
You are not authorized to view this page 

 
-HTMLFORM BEGIN
<html>
<script>
function submitForm(){
	var frm = document.getElementById('form1');
	frm.submit();
}
</script>


<body>
	<form id="form1" method="POST" action="run.bip" target="_blank">

		<select id="COUNTRY" size="6" name="COUNTRY">
			<option value="ENGLAND">ENGLAND</option>
			<option value="FRANCE">FRANCE</option>
			<option value="ITALY">ITALY</option>
			<option value="JAPAN">JAPAN</option>
			<option value="W GERMANY">W GERMANY</option>
		</select>

		<input type="hidden" name="BIP_REQUEST_TYPE" value="BIP_RUN"  />
		<input type="hidden" name="BIP_folder" value="IBFS:/WFC/Repository/developers/xyz/samples"  />
		<input type="hidden" name="BIP_item" value="get_car_stats.fex"  />
		<input id="btn" type="button" value="Run Report" onclick="submitForm();">

	</form>
</body>
</html>

-HTMLFORM END

This message has been edited. Last edited by: WFConsultant,


WebFOCUS 8207.11
App Studio 8207
May 18, 2017, 11:08 AM
FP Mod Chuck
Hi

Is there a reason you are building the html form inside a fex. If you use the html composer and reference the fex all works well. If your requirement is to do the development as you have described you should open a case with techsupport to see what is going on with security when a post is used. You can also use fiddler2 to trace what is happening.


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
May 18, 2017, 04:30 PM
WFConsultant
quote:
Originally posted by Chuck Wolff:
Hi

Is there a reason you are building the html form inside a fex...........


Thank you for your suggestions. We are building forms inside a fex to implement Bootstrap and Select2 framework. This is as per the client's requirement. I have tested this in the 8.1. It works. I am thinking something to do with the configuration. I did open a case with techsupport.


WebFOCUS 8207.11
App Studio 8207
May 22, 2017, 11:47 AM
WFConsultant
There were 2 suggestions from IBI. We have tried both. The first suggestion works. But the Systems Engineering is not liking it as it would affect other applications they are supporting. The 2nd suggestion doesn't work. Anyone has any idea why? While I am still in communication with IBI I am wondering if anyone has faced similar issue.

1) you can open the Filters in the Admin console and set IBI_CSRF_ENFORCE=FALSE

2) you can add this to site.wfs:
IBIWF_SES_AUTH_TOKEN(PASS)


WebFOCUS 8207.11
App Studio 8207
May 30, 2017, 11:27 AM
WFConsultant
Issue is resolved by implementing IBI's suggestions.

1) Create the following variables in site.wfs

IBI_CSRF_Token_Name(PASS)
IBI_CSRF_Token_Value(PASS)


2) Use the following hidden variables in the form


function submitAdhocForm(){
	document.getElementById('adhocForm').submit();
}


<form id="form1" method="POST" action="/ibi_apps/run.bip" target="_blank" >
	<input type="hidden" name="BIP_REQUEST_TYPE" value="BIP_RUN"  />
	<input type="hidden" name="BIP_folder" value="IBFS:/WFC/Repository/foldername"  />
	<input type="hidden" name="BIP_item" value="report.fex"  />
	<input type="hidden" name="!IBI.AMP.IBI_CSRF_Token_Name;" value="!IBI.AMP.IBI_CSRF_Token_Value;" />
	<input type="button" onclick="submitAdhocForm()" value="Run Report">
</form>



WebFOCUS 8207.11
App Studio 8207
May 30, 2017, 07:40 PM
Doug
My thoughts exactly, Chuck Wolff: "Is there a reason you are building the html form inside a fex."

WFConsultant: "We are building forms inside a fex to implement Bootstrap and Select2 framework."

Would you please explain "Bootstrap and Select2 framework"?




   In FOCUS Since 1983 ~ from FOCUS to WebFOCUS.
   Current: WebFOCUS Administrator at FIS Worldpay | 8204, 8206
May 31, 2017, 09:32 AM
WFConsultant
quote:
Would you please explain "Bootstrap and Select2 framework


Including Bootstrap library will make the entire application mobile friendly and responsive. No additional coding is required. Similarly, Select2 library adds many cool features to the dropdown controls. Custom HTML forms makes it easier to implement these frameworks. Implementing Bootstrap is simple. You only need to play with classes. For Select2 you can use both JavaScript and JQuery.


WebFOCUS 8207.11
App Studio 8207
June 14, 2017, 12:38 PM
WFConsultant
How do we close this topic? It is still showing as CASE OPENED.


WebFOCUS 8207.11
App Studio 8207
June 14, 2017, 02:19 PM
MartinY
Edit your first post then in the subject area change [CASE-OPEN] by [SOLVED] as when solved or [CLOSED] as when no solution


WF versions : Prod 8.2.04M gen 33, Dev 8.2.04M gen 33, OS : Windows, DB : MSSQL, Outputs : HTML, Excel, PDF
In Focus since 2007
June 14, 2017, 03:21 PM
WFConsultant
Thanks Martin!


WebFOCUS 8207.11
App Studio 8207