Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.

403 Error for Member Accounts When Quoting Posts

edited July 2019 in Feedback

I have reproduced this error on version 3.01 and 3.1.

On a Member account, when I quote the top post, I get a 403 error instead of the quote.

The error doesn't happen if I increase the account to Moderator or Admin privileges. It also doesn't happen when I quote comments instead of the original post.

First error:

VM2293:1 POST 403 (Forbidden)
(anonymous)	@	VM2293:1
(anonymous)	@	vendors.min.js:17
e.exports	@	vendors.min.js:17
e.exports	@	vendors.min.js:49
Promise.then (async)		
s.request	@	vendors.min.js:49
s.<computed>	@	vendors.min.js:49
(anonymous)	@	vendors.min.js:17
value	@	async~mountEditor.min.js:72
(anonymous)	@	async~mountEditor.min.js:77
s	@	shared.min.js:31

Second error:

Error: Request failed with status code 403
  at e.exports (vendors.min.js:17)
  at e.exports (vendors.min.js:49)
  at XMLHttpRequest.p.<computed> (vendors.min.js:17)
a	@	shared.min.js:19
(anonymous)	@	async~mountEditor.min.js:258
Promise.catch (async)		
value	@	async~mountEditor.min.js:258
o	@	async~mountEditor.min.js:258
t.create	@	async~mountEditor.min.js:230
(anonymous)	@	async~mountEditor.min.js:72
value	@	async~mountEditor.min.js:72
(anonymous)	@	async~mountEditor.min.js:77
s	@	shared.min.js:31


  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff
    edited July 2019

    Good catch.

    I've got a PR for a fix here:

    This fix should be out in the next release, but in the meantime you can resolve it by just changed that one line in DiscussionsApiController .

    I also formatted the code blocks in your post. It makes it a lot easier to read the errors.

Sign In or Register to comment.