How to solve Twig\Sandbox\SecurityNotAllowedMethodError problem?

After I upgraded System Build Octobercms to version 2.2.1, I get a lot of Event Log messages like this:

Twig\Sandbox\SecurityNotAllowedMethodError: Calling any method on a "Cms\Classes\Controller" object is blocked in "/var/www/myweb.com/themes/web/partials/v8/json-ld.htm" at line 5. in /var/www/myweb.com/modules/system/twig/SecurityPolicy.php:123

The problem is, right now the home page of my website displays the PAGE ERROR . page

Last updated 2 years ago

Hy I have the same issue after updating octobercms to 2.2

I also had the same issue. For temp fix make .env APP_DEBUG=true.

Hey guys, take a look at the release note. This is due to running in safe mode.

https://octobercms.com/support/article/rn-29#twig-strictness

Last updated 2 years ago

Update: We have disabled this new policy in v2.2.3 because it is causing too many problems for too many sites (breaking change). However, it will return in the v3.0 release.

To optionally prepare your website for v3.0, use the following:

CMS_SECURITY_POLICY_V2=true

For now, please update to v2.2.3 to get the fix.

Last updated 2 years ago

Until version 2.2.11 I still get the Twig\Sandbox\SecurityNotAllowedMethodError warning when I set APP_DEBUG to APP_DEBUG=false (in production mode apps).

Until finally I changed CMS_SAFE_MODE=null to CMS_SAFE_MODE=false and the SYSTEM STATUS warning on my application dashboard was marked with green text for Software is Up to Date and No Warnings to Display warnings. No more error warnings in Event Log

Currently my .ENV file settings are:

APP_DEBUG=false
CMS_SAFE_MODE=false

I just want to get a clean system state alert on my octobercms dashboard. But in terms of system security, is this action appropriate to secure the octobercms application on my web server?

I'm sorry I asked this question because I don't understand coding at all.

Any opinion?

Last updated 2 years ago