/api/graphql: 403 Forbidden

After completing the SuiteCRM 7.12.x migration to SuiteCRM 8.x process, when trying to log in I get the error http://suitecrm8.local/api/graphql: 403 Forbidden. Going to the url http://suitecrm8.local/api/graphql I get

{
   "errors": [
     {
       "message": "GraphQL query is not valid.",
       "extensions": {
         "category": "user",
         "status": 400
       }
     }
   ]
}

The vhost configuration is as follows

<VirtualHost *:80>
    ServerName suitecrm8.local
    ServerAlias www.suitecrm8.local
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/suitecrm8.local/public
    <Directory /var/www/suitecrm8.local/public>
        AllowOverride All
        Order Allow,Deny
        Allow from All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/suitecrm8.local.error.log
    CustomLog ${APACHE_LOG_DIR}/suitecrm8.local.access.log combined
</VirtualHost>

When consulting phpinfo() on mod_rewrite it tells me the module is enabled

Could you help me on how to solve this behavior?

@mario.martinez

I had this error. Check the owner of all files.
The documentation recommends using the command:
find . ! -user www-data -exec chown www-data:www-data {} \;
but I use a stronger command:
find . -exec chown www-data:www-data {} \;

Thanks for answering. Unfortunately there is no change when applying the recommendation. What I have observed is that when trying to start the session, a series of requests are made to /api/graphql, one of them is successful, the others fail.

I attach screenshots

On the next request with the following payload I get this error

{
  "operationName": "appMetadata",
  "variables": { "id": "/api/app-metadata/home" },
  "query": "query appMetadata($id: ID!) {\n  appMetadata(id: $id) {\n    id\n    _id\n    navigation\n    userPreferences\n    language\n    themeImages\n    minimalModuleMetadata\n    __typename\n  }\n}\n"
}

I get 200 but with the following message

{
  "errors": [
    {
      "message": "Internal server error",
      "extensions": { "category": "internal" },
      "locations": [{ "line": 2, "column": 3 }],
      "path": ["appMetadata"]
    }
  ],
  "data": { "appMetadata": null }
}

In the next request I get 403

{
  "operationName": "moduleMetadata",
  "variables": { "id": "/api/module-metadata/home" },
  "query": "query moduleMetadata($id: ID!) {\n  moduleMetadata(id: $id) {\n    id\n    _id\n    listView\n    search\n    recordView\n    subPanel\n    massUpdate\n    recentlyViewed\n    favorites\n    __typename\n  }\n}\n"
}

Response

{
  "type": "https://tools.ietf.org/html/rfc2616#section-10",
  "title": "An error occurred",
  "detail": "Invalid CSRF token"
}

In the migration guide, in the section dedicated to common errors, the first entry mentions CSRF token issues but deleting cookies does not solve the problem.

In the logs logs/prod/prod.log I find this error:

[2022-12-22 07:42:28] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Invalid CSRF token" at /var/www/sonar-78.local/core/backend/Security/CSRFValidationListener.php line 96 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Invalid CSRF token at /var/www/sonar-78.local/core/backend/Security/CSRFValidationListener.php:96)"} []

Any suggestions? Thanks in advance

Hi. Thanks for answering. In order to move forward I applied the temporary solution commented in this thread: https://community.suitecrm.com/t/invalid-csrf-token/86806/4

Thu Dec 22 09:35:54 2022 [374870][1][INFO] Query Execution Time:0.0099389553070068
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_access_glownet' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_accreditation' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_intercambios' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_presupuestos' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'logs_logEventoActivo' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_personal' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_pulseras' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_estaciones' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_tipo_pulsera' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_miembros' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_ordenes_transacciones' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_ordenes_accesos' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_pulseras_artistas' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_artistas' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Tick_ticket' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Tick_customer' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Tick_sale' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Tick_ticket_type' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Tick_event' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participaciones' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Feeds' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'iFrames' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'TimePeriods' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'ContractTypes' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Notifications' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Queues' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'TrackerSessions' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'TrackerQueries' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'FAQ' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Newsletters' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'SugarFavorites' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Library' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'KBDocuments' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'jjwp_Partners' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'TemplateEditor' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_acreditaciones' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_Acreditaciones' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_inter_ofrecidos' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_inter_recibidos' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'codeg_numeraciones' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_access_glownet' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_access_glownet' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_access_glownet' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_access_glownet' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][DEBUG] Hook called: ::server_round_trip
Thu Dec 22 09:35:54 2022 [374870][1][DEBUG] Calling MySQLi::disconnect()

Any idea of the reason for these messages?

Sorry, I don’t know…
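
Added example, not part of any post in this thread and not SuiteCRM code: a small Python triage script for the two log formats quoted above (the Symfony-style line from logs/prod/prod.log and the legacy-format dump). It lists each "Invalid CSRF token" rejection with its timestamp and source location, and collapses the repeated ModuleNameMapper warnings into one count per module name. The function name `triage` is hypothetical, and the sample is built from lines quoted in the thread plus one constructed line.

```python
import re
from collections import Counter

# Symfony/Monolog line, as quoted from logs/prod/prod.log
MONOLOG = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<chan>\w+)\.(?P<level>[A-Z]+): (?P<msg>.*)$')
# Legacy line: "Thu Dec 22 09:35:54 2022 [pid][n][LEVEL] message"
LEGACY = re.compile(r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) '
                    r'\[\d+\]\[[^\]]*\]\[(?P<level>[A-Z]+)\] (?P<msg>.*)$')
CSRF = re.compile(r'AccessDeniedHttpException: "Invalid CSRF token" '
                  r'at (?P<file>\S+) line (?P<line>\d+)')
UNMAPPED = re.compile(r"ModuleNameMapper \| mapName \| '([^']+)' not mapped to 'frontend'")

def triage(lines):
    """Return (csrf_rejections, unmapped_module_counts, unparsed_line_count)."""
    csrf, unmapped, skipped = [], Counter(), 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MONOLOG.match(line)
        if m:
            hit = CSRF.search(m['msg'])
            if hit and m['level'] == 'ERROR':
                csrf.append((m['ts'], hit['file'], int(hit['line'])))
            continue
        m = LEGACY.match(line)
        if m:
            hit = UNMAPPED.search(m['msg'])
            if hit:
                unmapped[hit[1]] += 1
            continue
        skipped += 1  # unknown format: count it instead of guessing
    return csrf, unmapped, skipped

# Sample: lines quoted in the thread (context JSON shortened to {}), plus one constructed line.
SAMPLE = r"""
[2022-12-22 07:42:28] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Invalid CSRF token" at /var/www/sonar-78.local/core/backend/Security/CSRFValidationListener.php line 96 {} []
Thu Dec 22 09:35:54 2022 [374870][1][INFO] Query Execution Time:0.0099389553070068
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'Tick_ticket' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][WARN] ModuleNameMapper | mapName | 'appname_participations' not mapped to 'frontend'
Thu Dec 22 09:35:54 2022 [374870][1][DEBUG] Calling MySQLi::disconnect()
this line is constructed and matches neither format
"""

if __name__ == "__main__":
    rejections, modules, unparsed = triage(SAMPLE.splitlines())
    for ts, path, lineno in rejections:
        print(f"CSRF rejection at {ts}: {path}:{lineno}")
    for name, count in sorted(modules.items()):
        print(f"unmapped module {name}: {count} warning(s)")
    print(f"unparsed lines: {unparsed}")
```

To run it against real files, pass the opened log file objects to `triage` instead of `SAMPLE.splitlines()`.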