I have an Laravel 8 Api application that was running 100% in a shared vps hosting.
Everything was fine, then I add a github action in order to do a simple CD/CI using the https://github.com/SamKirkland/FTP-Deploy-Action.
Since then, something was happened to all my directories permissions, so I having a 403 Forbidden HTTP Error message in all the API endpoints.
Can someone help me in this issue? Thanks a lot.
Considering SamKirkland/FTP-Deploy-Action is not suppose to change file permission, the root cause should be:
either some config cache issue
some missing bearer token
a missing custom request class authorize() method
Checking the logs should help narrowing the possible issues.
Related
I've created a pipeline trigger in Gitlab as the documentation said, but when I open it I get a "error": "404 Not Found".
Webhook URL: https://gitlab.com/api/v4/projects/xxxx/ref/xxxx/trigger/pipeline?token=xxxx
xxxx is being replaced by the values I have. Tried different things, setting the project to public. Enabling/disabling Limit CI_JOB_TOKEN acces.
I'm a bit lost right now.
As examples show you need to use http POST method
curl -X POST $WEBHOOK_URL
If you are pasting the URL directly to your browser it will use http GET and result in 404 error.
The feature that you are referencing in the question might not be working due to a GitLab bug that was introduced in 12.0.0. Please see the issue here: https://gitlab.com/gitlab-org/gitlab/-/issues/30486
I am not sure if I found a bug, or if I just messed up the configuration some how.
I have an ASP.NET Core 2.1 Razor website using AzureADB2C authentication, utilizing the new 'pre-packaged' configuration utilities). When I try to access a page that my test user doesn't have access to, it returns a generic 404 page instead of going to the pre-defined AccessDenied page.
Looking at the browser URL, it is trying to go to:
https://localhost:44310/Account/AccessDenied?ReturnUrl=%2FAbout
But I think it should be:
https://localhost:44310/AzureADB2C/Account/AccessDenied?ReturnUrl=%2FAbout
(Note: if I manually put this in the browser, it works correctly)
When, you sign out, it takes you to:
https://localhost:44310/AzureADB2C/Account/SignedOut
Does anyone know if there is a configuration to control this redirect? Or is this a bug in the new 2.1 Authentication modules? (And if so, any ideas how to work around it until it is fixed?)
I reported this to MSFT as a bug and they are looking into it. But I did figure out a workaround, in case anyone else is getting this same issue.
The issue on MSFT site is: https://developercommunity.visualstudio.com/content/problem/301357/microsoftaspnetcoreauthenticationazureadb2cui-acce.html
The workaround is to use the Rewrite Middleware to redirect the call. Putting the below into the Configure method of your Startup.cs class will handle the issue.
// Workaround for AccessDenied URL error in MSFT code
RewriteOptions rewrite = new RewriteOptions().AddRedirect("^Account/AccessDenied(.*)", "AzureADB2C/Account/AccessDenied$1");
app.UseRewriter(rewrite);
I've been looking for this answer and the other pages didn't help me.
I'm trying to use the google drive api for php. I am trying to test on my local environment and receive this error.
Error: redirect_uri_mismatch
The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob did not match a registered redirect URI
Request Details
scope=https://www.googleapis.com/auth/drive
response_type=code
redirect_uri=urn:ietf:wg:oauth:2.0:oob
access_type=offline
display=page
prompt=consent
client_id=735129338633-0epug8n80jsg0t50ijn7our4a661nnk6.apps.googleusercontent.com
Here is the page for the api:
The url is in
localhost:8888/Spreadsheets/driver.php
What am I doing wrong?
Looks like the current Google OAuth2 integration requires enabling
Contacts API
Google+ API
from the Google Developers Console for the associated Project. In my log I noticed errors liek 403, Access Not Configured. Please use ....
The redirect URI (where the response is returned to) has to be correct and exactly as you registered in the APIs console, and the error is indicating that you haven't done that or you haven't done it correctly.
To get the redirect URI from console:
Go to the console for your project and look under API Access.
Open Credentials section (in left side)
You should see your client ID & secret there, along with there is a
list of redirect URIs. If you want to change it or it was wrong,
click edit settings and modify.
Even if your redirect uri is properly set in the console, a lot of times, when you've recently changed settings in the google dev console, it will still tell you there's a redirect mismatch. It's a surprisingly common occurrence.
You can try...
Waiting; some have had luck with this, indicating that google takes some amount of time to register recent changes.
If you don't mind reconfiguring your app, creating a new client id in the google dev console tends to fix this problem with consistent results.
From the Magento wiki at:
http://www.magentocommerce.com/api/rest/authentication/oauth_authentication.html#OAuthAuthentication-OAuthProcess
When getting an API token you start off by getting an Unauthorized Request Token at:
www.mystore.com/oauth/initiate
However, my code does not work and when I browse to the above url in my browser I get a 404.
I am appending shop store code to the base url (eg www.mystore.com/en/) I don't know if this alters anything.
The Magento Wiki has a typo:
$adminAuthorizationUrl = 'http://yourhost/admin/oAuth_authorize';
Should be:
$adminAuthorizationUrl = 'http://yourhost/admin/oauth_authorize';
I struggled with this one for most of the day, so here's a late contribution in case it helps anybody:
The authorization URL that's documented by Magento, admin/oauth_authorize, assumes that you're not using a custom URL for your admin access. "admin" is the standard URL to access the Magento dashboard, but many people change it for security. If you have changed your admin URL to something other than "admin", use that instead.
IOW if you access your Magento dashboard at https://yoursite.com/foo, then your authorization URL is foo/oauth_authorize.
I also had the problem, that the following request returned the 404 http status:
http://yourmagentostore.com/oauth/initiate
The solution was quite simple: In case if you are using multiple stores and/or store views on the same domain, don't forget to add the url path which maps to the store view. E.g.
http://yourmagentostore.com/<my-store-view-path>/oauth/initiate
I just had the same problem. Not many similar problems to be found and no solution. This is strange because this seems to be a missing config option 'global/request/direct_front_name', which isn't set in Core/Oauth module. How can all the tutorials work without this important setting!?
Without "oauth" setting being there, every call to /oauth/[controller] leads to "noRouteAction" being resolved (see. Mage_Core_Controller_Request_Http::setPathInfo() and Mage_Core_Controller_Request_Http::isDirectAccessFrontendName($storeCode)) instead of default indexAction.
So, the solution is to set this setting in local config or an own extension as follows
<?xml version="1.0"?>
<config>
[...]
<global>
[...]
<request>
[...]
<direct_front_name>
<oauth/>
</direct_front_name>
</request>
</global>
</config>
Afterwards you can finally get the token at least. I'm checking the further process now.
There is one subtlety don't forget the http:// so your call to the store should be
http://yourmagentostore.com/oauth/initiate
Also there is more to REST services setup then on the link you posted, it is only an overview. There is a ton of configuration on the store before you will actually get a rest response and when the user isn't recognized, unauthorized or without proper ACL privileges you will get 404 or 500 responses. I guess that deters hackers but it is a bear to trouble shoot. I've been down this road and although I am using an automation tool the Setup of the store and troubleshooting is the same.
Take a look on my blog I keep it up to date with my adventures with the Magento REST API
Cheers!
Rich Borek
http://magento-simplified.blogspot.com
I can access certain links from my site with no issue. However, if I try and manually type in the same URL as the link/button I get a 403 error.
FOr instance http://www.sumobid.com/logout.php
I have verfied the permissions on the file but am still getting the error.
This is on a dedicated server.
Any ideas?
Sounds like you're not logged in for the second case. I.e., you can't logout if you're not logged in.
Edit: I.e., it seems as if the app is throwing a 403 for pages that require auth but don't have it. (As opposed to, say, redirecting to the login page.)
Seems I fixed my own problem. It turns out that I had inadvertently turned on LinkProtection in cPanel. Once that was disabled everything started working as it should