I'm currently working on a Laravel 8 project in which I need to create cards with text and cropped images using the Croppie plugin.
Everything works perfectly locally.
However, once in production, when I send the cropped image to my controller, the server firewall interprets it most of the time as an attack and the server returns a 403 error.
Here is the information the firewall tells me:
ID : 340029
Sévérité : CRITICAL
Label : -
info : Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument
message : Access denied with code 403 (phase 2). Pattern match "(?:;|/|\| )(?:\b(?:cat|ls|perl|uname|pwd|cp|tclsh8?|cpp|f(?:etch|tp)|python|chown|rm|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|lin
In my blade file, I have a hidden input to which I send the cropped image from the croppie javascript and which allows me to retrieve the image in my Laravel controller. Here is my code:
<form action="{{ route('card.store') }}" method="POST" novalidate autocomplete="off" enctype="multipart/form-data">
    @csrf
    <label for="title">Title</label>
    <input id="title" name="title" type="text">
    <input id="imgCrop" name="img_crop" type="hidden" />
    <button id="submitBtn" type="submit">Save</button>
</form>
$('.upload-result').on('click', function(ev) {
    $uploadCrop.croppie('result', {
        type: 'canvas',
        size: {width: 1920, height: 1280},
        format: 'jpeg',
        quality: 0.7
    }).then(function(resp) {
        $('#imgCrop').val(resp);
        $('#imgPreview').removeClass('d-none');
        $('#imgPreview').attr("src", $('#imgCrop').val());
    });
});
I spent many hours searching for a solution to this problem, including on the forums, but without success. Does anyone know of a solution to resolve this problem please?
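
Added example, not part of the original post: it shows why a base64 image placed in a text field can trip a rule like the one quoted in the 403 message, and how the same bytes can be sent as a binary file part instead. The regex is a simplified stand-in built from the visible part of the truncated pattern, all function and constant names are hypothetical, and it is an assumption that the WAF does not apply this argument rule to file-part contents.

```javascript
// Added example; COMMAND_LIKE, commandLikeRuns, dataUrlToBytes and
// toUploadForm are hypothetical names, not from the original post.

// Simplified stand-in for the truncated rule in the 403 message: the visible
// separators plus a few of the visible command names. The closing \b is an
// assumption, since the rest of the real pattern is cut off.
const COMMAND_LIKE = /(?:;|\/|\| )\b(?:cat|ls|perl|uname|pwd|cp|rm|ping|scp|curl)\b/g;

// Return every substring of a form value that this stand-in would flag.
function commandLikeRuns(value) {
  return value.match(COMMAND_LIKE) || [];
}

// Decode a base64 data URL (what Croppie resolves with for type 'canvas')
// back into the raw image bytes.
function dataUrlToBytes(dataUrl) {
  const comma = dataUrl.indexOf(',');
  if (!dataUrl.startsWith('data:') || comma === -1 ||
      !dataUrl.slice(0, comma).endsWith(';base64')) {
    throw new Error('not a base64 data URL');
  }
  const binary = atob(dataUrl.slice(comma + 1));
  return Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
}

// Build a multipart body that carries the image as a file part, not as text.
function toUploadForm(title, dataUrl) {
  const form = new FormData();
  form.append('title', title);
  const blob = new Blob([dataUrlToBytes(dataUrl)], { type: 'image/jpeg' });
  form.append('img_crop', blob, 'crop.jpg');
  return form;
}

// Constructed sample: the JPEG magic bytes followed by three bytes that
// happen to encode to "/ls/" in base64, as random image data regularly does.
const SAMPLE_BYTES = [0xff, 0xd8, 0xff, 0xfe, 0x5b, 0x3f];
const SAMPLE_DATA_URL =
  'data:image/jpeg;base64,' + btoa(String.fromCharCode(...SAMPLE_BYTES));
```

In the page, the form's `_token` field has to be appended too before posting the result with `fetch`; the controller then receives `img_crop` as an uploaded file rather than a string.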