kanboard: Access Forbidden when moving task between columns - v1.2.20

Since upgrading to v1.2.20, moving a task between columns results in the error message Access Forbidden.

All other functions that I’ve tested work fine, all tasks display properly, I can edit the tasks and the projects, just not move the tasks between columns.

Downgrading to v1.2.19 resolves the issue.

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 5
Comments: 37 (2 by maintainers)

Most upvoted comments

Had the same issue. In my case, the culprit was the Backlog plugin - https://github.com/vistree/kanboard-backlog

coffeverton on Jun 18, 2021

Thank @iulian-radu-at . For my case, I just need to comment out this (leaving other three untouched, so I hope some level of CSRF protection is still working.
protected function checkReusableGETCSRFParam()
{
// if (! $this->token->validateReusableCSRFToken($this->request->getStringParam(‘csrf_token’))) { // throw new AccessForbiddenException(); // } }

And the drag and drop works for me. I have no problem with login so I don’t need to change the Request.php

i can confirm that only this one change fixes the problem for dragging a task from on column to another

vmario89 on Nov 6, 2021

Thank @iulian-radu-at . For my case, I just need to comment out this (leaving other three untouched, so I hope some level of CSRF protection is still working.

protected function checkReusableGETCSRFParam()
{

// if (! $this->token->validateReusableCSRFToken($this->request->getStringParam(‘csrf_token’))) { // throw new AccessForbiddenException(); // } }

And the drag and drop works for me. I have no problem with login so I don’t need to change the Request.php

quanltt on Oct 24, 2021