HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

403 Error for Member Accounts When Quoting Posts

edited July 2019 in Feedback

I have reproduced this error on version 3.01 and 3.1.

On a Member account, when I quote the top post, I get a 403 error instead of the quote.

The error doesn't happen if I increase the account to Moderator or Admin privileges. It also doesn't happen when I quote comments instead of the original post.

First error:

VM2293:1 POST https://my.example.com/api/v2/media/scrape 403 (Forbidden)
(anonymous)	@	VM2293:1
(anonymous)	@	vendors.min.js:17
e.exports	@	vendors.min.js:17
e.exports	@	vendors.min.js:49
Promise.then (async)		
s.request	@	vendors.min.js:49
s.<computed>	@	vendors.min.js:49
(anonymous)	@	vendors.min.js:17
value	@	async~mountEditor.min.js:72
(anonymous)	@	async~mountEditor.min.js:77
s	@	shared.min.js:31

Second error:

Error: Request failed with status code 403
  at e.exports (vendors.min.js:17)
  at e.exports (vendors.min.js:49)
  at XMLHttpRequest.p.<computed> (vendors.min.js:17)
a	@	shared.min.js:19
(anonymous)	@	async~mountEditor.min.js:258
Promise.catch (async)		
value	@	async~mountEditor.min.js:258
o	@	async~mountEditor.min.js:258
t.create	@	async~mountEditor.min.js:230
(anonymous)	@	async~mountEditor.min.js:72
value	@	async~mountEditor.min.js:72
(anonymous)	@	async~mountEditor.min.js:77
s	@	shared.min.js:31


  • Options
    charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff
    edited July 2019

    Good catch.

    I've got a PR for a fix here:

    This fix should be out in the next release, but in the meantime you can resolve it by just changed that one line in DiscussionsApiController .

    I also formatted the code blocks in your post. It makes it a lot easier to read the errors.

Sign In or Register to comment.