HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options
403 Error for Member Accounts When Quoting Posts
LaggedOnUser
New
I have reproduced this error on version 3.01 and 3.1.
On a Member account, when I quote the top post, I get a 403 error instead of the quote.
The error doesn't happen if I increase the account to Moderator or Admin privileges. It also doesn't happen when I quote comments instead of the original post.
First error:
VM2293:1 POST https://my.example.com/api/v2/media/scrape 403 (Forbidden) (anonymous) @ VM2293:1 (anonymous) @ vendors.min.js:17 e.exports @ vendors.min.js:17 e.exports @ vendors.min.js:49 Promise.then (async) s.request @ vendors.min.js:49 s.<computed> @ vendors.min.js:49 (anonymous) @ vendors.min.js:17 value @ async~mountEditor.min.js:72 (anonymous) @ async~mountEditor.min.js:77 s @ shared.min.js:31
Second error:
Error: Request failed with status code 403 at e.exports (vendors.min.js:17) at e.exports (vendors.min.js:49) at XMLHttpRequest.p.<computed> (vendors.min.js:17) a @ shared.min.js:19 (anonymous) @ async~mountEditor.min.js:258 Promise.catch (async) value @ async~mountEditor.min.js:258 o @ async~mountEditor.min.js:258 t.create @ async~mountEditor.min.js:230 (anonymous) @ async~mountEditor.min.js:72 value @ async~mountEditor.min.js:72 (anonymous) @ async~mountEditor.min.js:77 s @ shared.min.js:31
0
Comments
Good catch.
I've got a PR for a fix here:
This fix should be out in the next release, but in the meantime you can resolve it by just changed that one line in
DiscussionsApiController.I also formatted the code blocks in your post. It makes it a lot easier to read the errors.