Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If set "Confirmation page" ends with a error message if form sent.
"Access denied
You are not authorized to access this page."
Comment | File | Size | Author |
---|---|---|---|
webform_4_beta3_redirect_error_01.png | 2.52 KB | alexhaack | |
webform_4_beta3_redirect_error_02.png | 3.45 KB | alexhaack |
Comments
Comment #1
alexhaack CreditAttribution: alexhaack commentedComment #2
quicksketchWhat's the full URL on your confirmation page? Webform specifically does an access check on the confirmation page to make it so that users can't view confirmation messages of other users.
If logged in, the path should be
node/1/done?sid=3205
. If logged out, it should be more likenode/1/done?sid=3207&token=1eaf0b97dbb6897902e92e9f82727cad
. If the token doesn't validate, you'll get an access denied.Currently, I can't reproduce this as a problem with a stock installation of Webform, so I'll need more information on how to reproduce this issue.
Comment #3
quicksketchClosing after lack of activity. If you can provide more information on how to reproduce this issue I'd be happy to take another look.
Comment #4
stijndmd CreditAttribution: stijndmd commentedYou can reproduce this issue if you create a webform and go to node/nid/webform/configure
There you change the redirect location to: node/nid/done?sid=[submission:sid]&email=[submission:values:e_mail]
I have to do this for a client because he needs a javascript pixel on the confirmation page to track stuff.
We need the entered e-mail address from the user in our url to push to the tracker code.
So I could fix this problem if there would be an available token for this:
token=1eaf0b97dbb6897902e92e9f82727cad
But, is there?
How can I fix this for logged out users?
Comment #5
stijndmd CreditAttribution: stijndmd commentedNevermind, I changed my approach.
Went back to using the default confirmation page and got the e-mail from
"webform_get_submission(arg(1), $_GET['sid']);"
This is more of a workaround than a fix ofcourse
Comment #6
kpmags CreditAttribution: kpmags commentedSo I'm having this issue for Anonymous users.
There are no tokens used - I'm getting this even with a dummy webform with one field set up.
I've verified that the webform data gets sent - but the user is presented with "Access Denied" from ANY confirmation choice (page/custom/none)
Reading this above:
I've checked the path on the confirmation and my logged out users are getting the path that should only be for logged in -- hence the "Access Denied" declaration (I'm assuming)
What do I do to get the Anonymous users the correct path?
Thanks for any guidance!
Comment #7
ajlow CreditAttribution: ajlow commentedI had the access denied issue too however it was related to the module webform conditional confirmation I am using: https://www.drupal.org/project/webform_conditional_confirmation.
I resolved my issue by applying this patch: https://www.drupal.org/node/2341233.
You may need to check if you have this module (or any other module that requires webform) installed as it may require a patch to take into account the extra security webform 4 has.
I hope it helps!