403 Error for Member Accounts When Quoting Posts
LaggedOnUser
I have reproduced this error on version 3.01 and 3.1.
On a Member account, when I quote the top post, I get a 403 error instead of the quote.
The error doesn't happen if I increase the account to Moderator or Admin privileges. It also doesn't happen when I quote comments instead of the original post.
First error:
    VM2293:1 POST https://my.example.com/api/v2/media/scrape 403 (Forbidden)
    (anonymous) @ VM2293:1
    (anonymous) @ vendors.min.js:17
    e.exports @ vendors.min.js:17
    e.exports @ vendors.min.js:49
    Promise.then (async)
    s.request @ vendors.min.js:49
    s.<computed> @ vendors.min.js:49
    (anonymous) @ vendors.min.js:17
    value @ async~mountEditor.min.js:72
    (anonymous) @ async~mountEditor.min.js:77
    s @ shared.min.js:31
Second error:
    Error: Request failed with status code 403
        at e.exports (vendors.min.js:17)
        at e.exports (vendors.min.js:49)
        at XMLHttpRequest.p.<computed> (vendors.min.js:17)
    a @ shared.min.js:19
    (anonymous) @ async~mountEditor.min.js:258
    Promise.catch (async)
    value @ async~mountEditor.min.js:258
    o @ async~mountEditor.min.js:258
    t.create @ async~mountEditor.min.js:230
    (anonymous) @ async~mountEditor.min.js:72
    value @ async~mountEditor.min.js:72
    (anonymous) @ async~mountEditor.min.js:77
    s @ shared.min.js:31
Comments
Good catch.
I've got a PR for a fix here:
This fix should be out in the next release, but in the meantime you can resolve it by just changing that one line in DiscussionsApiController.
I also formatted the code blocks in your post. It makes it a lot easier to read the errors.