Forbidden access to whitelisted iriscouch - httplib2

I'm trying to reach iriscouch from my app on PythonAnywhere, and despite the fact that the site is whitelisted and that I'm currently a free user, it just returns HTTPError: (403, 'Forbidden') in the error log. What am I missing here?
response, content = httplib2.Http().request("https://-stripped-.iriscouch.com", 'GET', None, headers)

You're probably getting the 403 from the site, then. What is in the content of the response?

Related

403 Forbidden Error when calling an AWS API Gateway in Python

I set up a REST API in AWS with a PUT method to upload files to an S3 bucket. The "Authorization" field in the Method Request is set to NONE. I'm calling the API in Python like so:
import requests
file = {"file": open('file.jpg', 'rb')}
requests.put("https://api-id.execute-api.us-east-1.amazonaws.com/Prod/bucketname/filename", files=file)
However, each time this command runs, it returns the error:
"403 Client Error: Forbidden for url: https://api-id.execute-api.us-east-1.amazonaws.com/Prod/bucketname/filename"
This doesn't make sense to me; authorization is set to NONE, so anybody should be able to call the API - why am I getting "Forbidden"? Also, the request works perfectly fine in Postman - I am able to call the API and upload the file and it returns "200 Successful".
I've searched other posts on Google and StackOverflow to no avail. What is going on?
Figured it out, I was sending Binary files up to the gateway without adding those file types to the "Binary File Types" section in Settings. For some reason this resulted in a 403 Forbidden Error (even though it wasn't an authentication issue at all).

Get HTTP 403 but page is displayed

After analyzing the web, to see SEO failures, I see that I have a page that returns a 403 but it is shown as any other page.
The web is in Drupal, and I verified that it was not a block that was added with blocked permissions.
I do not see why it returns 403.
You probably have a 403 page configured under /admin/config/system/site-information:

Configuring CSRF Allowed Sites in Spring

I have my e-commerce website and dealing with a 3rd party payment vendor integration. I send them a URL and they're returning a POST request to it. The problem is I'm receiving 403-bad or Missing CSRF Token error.
The incoming request is as follows:
Request URL:https://mavi.local:9002/checkout/callback/secure3d?CSRFToken=425cc3ee-df74-482a-955b-c7836abff410&responseCode=0000&token=D7ED3EBA21864253AD7AA33AABB492C7FA90DDEBD7AD448D1210EF85814E077505BC8E58E1F29AC2153E600678E6545A2D87FAACF516AC3249F7D8572EA767835C89F1E370C01532F0DCCABF8ACCC7F215AE838E9B917204F1C362140E6F5E87
Request Method:POST
Status Code:403 Forbidden
Remote Address:127.0.0.1:9002
Referrer Policy:no-referrer-when-downgrade
And the initiator is:
test.masterpassturkiye.com/RedirectServer/MMIUIMasterPass_V2/s3d/bank/success?RRN=500007047967:7
I'm trying to add this url as allowed Cross Origin request in my Spring configuration.
I have tried 2 options.
Updating csrf.allowed.url.patterns setting in project.properties as follows:
csrf.allowed.url.patterns=/.*callback|.masterpass|[^/]+(/[^?])+(sop/response)$,/[^/]+(/[^?])+(merchant_callback)$,/[^/]+(/[^?])+(hop/response)$,/[^/]+(/[^?])+(language)$,/[^/]+(/[^?])+(currency)$
This regex matches with the URL but not the whole URL. I think it might be a problem, yet I'm not sure.
Inserted below item into my spring-mvc-config.xml
<util:list id="csrfAllowedUrlPatternsList" value-type="java.lang.String" >
<value>.*masterpass</value>
</util:list>
I adopted this solution from this blog post
Yet the problem with the 403 error still continues. What might be the possible problem with my configurations? Any help or idea will be great help.
I believe that your value in spring-mvc-config.xml is wrong.
Please try with /checkout/callback/secure3d since this is the Hybris URL which handles the POST request and which should not ask for a CSRF token.
To make everything more clear, your spring-mvc-config.xml should contain this:
<util:list id="csrfAllowedUrlPatternsList" value-type="java.lang.String" >
<value>/checkout/callback/secure3d</value>
</util:list>
I believe that this is valid for the csrf.allowed.url.patterns as well.
The regex should apply to the callback URL (i.e. /checkout/callback/secure3d) instead of the initiator.
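The difference between the patterns in the question and the one in the answers, as an added example (not code from the original posts or from Hybris). It assumes each allow-list entry must match the whole servlet path, as Java's `String.matches` does; the class name, helper names and the second path are constructed for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class CsrfPatternCheck {
    // Assumption: an entry exempts a request only if it matches the WHOLE
    // servlet path. The query string and the initiator's host are not part of it.
    static boolean exempt(String servletPath, List<String> patterns) {
        return patterns.stream().anyMatch(servletPath::matches);
    }

    // Partial match: what a regex tester reports when the pattern hits
    // only a fragment of the input.
    static boolean foundAnywhere(String servletPath, String pattern) {
        return Pattern.compile(pattern).matcher(servletPath).find();
    }

    public static void main(String[] args) {
        String callback = "/checkout/callback/secure3d";  // path from the question
        String other = "/checkout/summary/placeOrder";    // constructed; must stay CSRF-protected

        // First entry of csrf.allowed.url.patterns, copied as posted
        String fromProperties = "/.*callback|.masterpass|[^/]+(/[^?])+(sop/response)$";
        // Value tried in spring-mvc-config.xml (targets the initiator, not the path)
        String fromXml = ".*masterpass";
        // Value suggested in the answer: the exact callback path
        String fromAnswer = "/checkout/callback/secure3d";

        for (String p : List.of(fromProperties, fromXml, fromAnswer)) {
            System.out.printf("%-55s callback full=%-5b partial=%-5b | other exempt=%b%n",
                p,
                exempt(callback, List.of(p)),
                foundAnywhere(callback, p),
                exempt(other, List.of(p)));
        }
    }
}
```

Listing the exact callback path keeps the exemption to that single endpoint, so every other POST handler still requires a CSRF token.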

Getting Error 403 Forbidden to ajax on https on ec2 instance

I have used the Better Exposed Filters module and set it to submit on click. It sends an AJAX request when a check box is clicked. It is causing a problem in HTTPS. It is working fine in HTTP.
An AJAX HTTP error occurred.
HTTP Result Code: 403
Debugging information follows.
Path: /views/ajax
StatusText: Forbidden
ResponseText: 403 Forbidden
Forbidden
You don't have permission to access /views/ajax on this server.
There are a couple of things that you need to check:
It is likely you have not set $base_url in your settings.php file.
There is a mod_security file on the Amazon EC2 server; increase the size of post data when using HTTPS. Hope it will work. Happy coding...

Content Encoding Error when connecting to LinkedIn oAuth

I have configured 2 providers and used the FOS-Oauth-Bridge. FB works just fine, but when I try connecting to LinkedIn, the browser shows the message
Content Encoding Error
The page you are trying to view cannot be shown because it uses an
invalid or unsupported form of compression.
Please contact the website owners to inform them of this problem.
I tried decoding the generated URL and that seems fine too:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=077-dd7c-4815-aea0-8c31e0ce7&scope=r_fullprofile&state=eecd50f81e6ad3e7e23cc11ec50d4768&redirect_uri=http%3A%2F%2Fsf2test.dv%2Fapp_dev.php%2Fsec_area%2Flogin%2Fcheck-linkedin
I tried changing the redirect URL to 127.0.0.1 and changing the port to 8X, but nothing works.
I do not have SSL installed on my Windows / Apache.
When I manually change the LinkedIn URL to HTTP (instead of HTTPS), I get this message:
Request denied
Sorry, we are unable to serve your request at this time due to unusual traffic from your network connection.
Reason codes:
3,2,19
Can someone help me figure out the problem?
