This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

endi.linux.mint51510
endi.linux.mint51510

How to solve Twig\Sandbox\SecurityNotAllowedMethodError problem?

After I upgraded System Build Octobercms to version 2.2.1, I get a lot of Event Log messages like this:

Twig\Sandbox\SecurityNotAllowedMethodError: Calling any method on a "Cms\Classes\Controller" object is blocked in "/var/www/myweb.com/themes/web/partials/v8/json-ld.htm" at line 5. in /var/www/myweb.com/modules/system/twig/SecurityPolicy.php:123

The problem is, right now the home page of my website displays the PAGE ERROR . page

Last updated

dario
dario

Hy I have the same issue after updating octobercms to 2.2

chiragsenjaliya9827068
chiragsenjaliya9827068

I also had the same issue. For temp fix make .env APP_DEBUG=true.

daftspunky
daftspunky

Hey guys, take a look at the release note. This is due to running in safe mode.

https://octobercms.com/support/article/rn-29#twig-strictness

Last updated

daftspunky
daftspunky

Update: We have disabled this new policy in v2.2.3 because it is causing too many problems for too many sites (breaking change). However, it will return in the v3.0 release.

To optionally prepare your website for v3.0, use the following:

CMS_SECURITY_POLICY_V2=true

For now, please update to v2.2.3 to get the fix.

Last updated

endi.linux.mint51510
endi.linux.mint51510

Until version 2.2.11 I still get the Twig\Sandbox\SecurityNotAllowedMethodError warning when I set APP_DEBUG to APP_DEBUG=false (in production mode apps).

Until finally I changed CMS_SAFE_MODE=null to CMS_SAFE_MODE=false and the SYSTEM STATUS warning on my application dashboard was marked with green text for Software is Up to Date and No Warnings to Display warnings. No more error warnings in Event Log

Currently my .ENV file settings are:

APP_DEBUG=false
CMS_SAFE_MODE=false

I just want to get a clean system state alert on my octobercms dashboard. But in terms of system security, is this action appropriate to secure the octobercms application on my web server?

I'm sorry I asked this question because I don't understand coding at all.

Any opinion?

Last updated

1-6 of 6

You cannot edit posts or make replies: the forum has moved to talk.octobercms.com.