HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

API v2 403 forbidden error

I tried out Vanilla 2021.011 and it has new layout options for Foundation under Settings - Layout, where you can also set whether or not you'd like discussions or categories as a homepage.

Things were working fine on a local installation, but on our shared hosting nothing can be selected. I noticed the following error when using the browsers dev tools

I don't know if it matters, but the local installation is on Windows while the shared hosting is Unix.

Thank you in advance


  • R_JR_J Ex-Fanboy Munich Admin

    You should expect less problems with Linux than with Windows when you are dealing with PHP scripts, so that's not the problem.

    Nevertheless that's most probably a web server configuration issue. Not really sure where the problem comes from, though. I would look at the following at first: open up your browsers developer console and look at the network tab. I'd say the most interesting lines are Host, Origin, Referer and Content-Security-Policy.

    Content-Security-Policy should show a "self". The other three look like this on my local test install.

    Is there any inconsistency in your setup?

  • Thank you for the reply!

    I clicked on the request 'layout' and compared the details and there were no differences and Content-Security-Policy had 'self'. I noticed something in the request list though. On my localhost it looks like this

    But on the shared hosting the request above layout says blocked

  • Tried out 2021.012 today and I don't have any API errors anymore and no blocked requests, but still trying any settings does nothing at all.

    I don't know if it's a step forward or just scary since it's going to be impossible to debug without errors.

  • I tried it out in Chrome. Firefox seem to say the request status is OK, but in Chrome it doesn't when I compare to the working localhost installation. In Chrome I also see errors. I don't know if they're same as before as I don't understand any of it. Here are the errors Chrome shows

  • R_JR_J Ex-Fanboy Munich Admin

    Search through the net for that error message. You will see that many people see that error in different situations and there are several reasons why it might appear

    Is that installation fully functional when you are using Firefox?

  • Yes the error seem way too broad to point out what out could be. I found a lot of responses about gzip, but no idea what to do with it.

    The installation doesn't work in any browser, but with 2021.012 I don't see any errors in Firefox. I did in 2021.11 though. The issues started with 2021.011 when additional layout options where added in layout settings. Now I can't use anything on that page if I upgrade from 2021.009. So something in Vanilla must've changed?

  • Some progress. I looked into the servers error log which was empty 🤔 I tried clicking anything in settings/layout and got an error. I won't type it all out, but there was one thing I think could solve this: client denied by server configuration. I'll contact my host later and see if they can solve it.

  • I forgot to get back about this, but posting now in case it could help someone with the same issue.

    I contacted my host shortly after my last post and they quickly solved it :) It was the function PATCH not enabled on the server that caused it. After it was enabled it solved several other issues as well.

  • This error indicates that the server has determined that you are not allowed access to the thing you've requested, either on purpose or due to a misconfiguration . It's probably because the site owner has limited access to it and you don't have permission to view it. The vast majority of the time, there's not much you can do to fix things on your (*client) end. There are four common causes for 403 Forbidden error (server side) . Here they are listed from most likely to least likely:

    • An empty website directory
    • No index page
    • Incorrect settings in the .htaccess file
    • Permission / Ownership error

    If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

Sign In or Register to comment.