diff --git a/src/sniff.rs b/src/sniff.rs
index 01e6854..3fd3c25 100644
--- a/src/sniff.rs
+++ b/src/sniff.rs
@@ -42,6 +42,7 @@ fn rq_form_update(body: &web::Bytes) -> bool {
 // this part may need code quality improvements
 // the body MUST come from the "create new form" route
 // (this is checked upstream)
+// returns the form UID and the request body
 pub fn check_new_form(body: &web::Bytes) -> u64 {
 let req = String::from_utf8_lossy(body);
@@ -51,13 +52,22 @@ pub fn check_new_form(body: &web::Bytes) -> u64 {
 Value::Null
 });
- if v != Value::Null && v["id"] != Value::Null && v["isAnonymous"] == Value::Null {
- v["id"].as_u64().unwrap_or_else(|| {
- eprintln!("check_new_form: failed to parse formid: {}", v);
- 0
- })
- } else {
- 0
+ if v != Value::Null
+ && v["ocs"].is_object()
+ && v["ocs"]["data"].is_object()
+ && v["ocs"]["data"]["id"] != Value::Null
+ && v["ocs"]["data"]["isAnonymous"] == Value::Null {
+
+ //getting form id
+ let new_v_id = v["ocs"]["data"]["id"].as_u64().unwrap_or_else(|| {
+ eprintln!("check_new_form: failed to parse formid: {}", v);
+ 0
+ });
+ new_v_id
+
+ } else {
+ eprintln!("error: check_new_form: can't find formid: {}", v);
+ 0
 }
 }
@@ -69,10 +79,14 @@ const BLOCKED_ROUTES: &[&str] = &[
 "/ocs/v",
 "/remote.php",
 "/apps/files",
+ "/core/templates/filepicker.html",
 ];
 // ...except if they are in this list
-const ALLOWED_ROUTES: &[&str] = &["/ocs/v2.php/apps/forms/"];
+const ALLOWED_ROUTES: &[&str] = &[
+ "/ocs/v2.php/apps/forms/",
+ "/status.php"
+];
 // checks if the accessed route is allowed for the user.
 // if it returns true, redirects elsewhere
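Review bot: The comment added above `check_new_form` in the first hunk says the function returns "the form UID and the request body", but the signature on the following line still returns only `u64`. It would be accurate as `// returns the form id found in the body, or 0 when no usable id is present`, which also tells callers that 0 is the failure value. The function body continues outside this hunk.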
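Review bot: The new `else` branch of `check_new_form` (second hunk) prints the whole parsed body `v` to stderr for every body that fails the check, which includes the ordinary case where `isAnonymous` is present and not only malformed input. That writes the full, unbounded body into the log on a path that is not an error; a fixed message such as `eprintln!("check_new_form: no usable form id in body");` keeps the signal without the payload, and the same applies to the `failed to parse formid` line. Both failure paths return 0, so the caller has to treat 0 as "no form"; the caller is not visible here, and an `Option<u64>` would make that explicit if the interface can change. The `let new_v_id = …; new_v_id` binding can simply be the expression itself. The JSON parsing that produces `v` starts above the hunk.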
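Review bot: Adding `"/status.php"` to `ALLOWED_ROUTES` (third hunk) widens the exception list, and how far depends on the matcher, which is outside this hunk. If entries are compared with `contains`, or against the raw URI including the query string, a request for a blocked route that merely carries that string would be let through, so the check should be a prefix or exact match on the normalised path only. Nextcloud's `status.php` also reports the server version without authentication, so the entry deserves a comment recording why it must be reachable, e.g. `// /status.php: <reason this endpoint is exposed>`. The new last element also lacks the trailing comma the other entries have.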