Http Responding 403 Forbiden

hamedrahimi · April 24, 2019, 11:07am

Hallo
I have
public function reciveNotification()
and it is alowded as following
$this->Auth->allow([“reciveNotification”]);

When i do GET Request it working good but by POST request i am facing to 403 Forbiden
what am i doing wrong?
GET:
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2019 11:06:43 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST:
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2019 11:05:52 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 836
Content-Type: text/html; charset=UTF-8

FinlayDaG33k · April 24, 2019, 2:24pm

Do you by any accident get some error about a CSRF token missing or being invalid?

hamedrahimi · April 24, 2019, 3:10pm

Hallo ,
As u can see , i just get forbidden error 403

FinlayDaG33k · April 24, 2019, 4:08pm

Yes, the headers show you a 403, but check the body of the response, it should contain more clues as to why you get the 403.

hamedrahimi · April 25, 2019, 6:11am

i do try -v option of curl and the resulte is :

< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Date: Thu, 25 Apr 2019 06:04:41 GMT
Date: Thu, 25 Apr 2019 06:04:41 GMT
< Server: Apache/2.4.29 (Ubuntu)
Server: Apache/2.4.29 (Ubuntu)
< Content-Length: 836
Content-Length: 836
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

<

Excess found in a non pipelined read: excess = 836 url = /path to url/ (zero-length body)
Connection #0 to host urlto my website left intact

FinlayDaG33k · April 25, 2019, 11:23am

Then it seems like something might be wrong with your server config itself (and not your CakePHP app).
If CakePHP gives an error (unless you have it running in production mode) it should result in a big fat error screen.

hamedrahimi · April 25, 2019, 12:26pm

hi,
I have tried to turn off debug and i got

Missing CSRF token cookie

FinlayDaG33k · April 25, 2019, 2:15pm

well, then the solution is clear as day
Send the csrfToken cookie with your request as well (or set the X-CSRF-Token header if using something like ajax).

hamedrahimi · April 26, 2019, 6:06am

thanks but the problem is that, it is a callback action from API. and i can not do that. i need to deactivate it for this action i tried to add following function to my controller
public function beforeFilter(Event $event)
{
parent::beforeFilter();
$this->getEventManager()->off($this->Csrf);
}
but no success

FinlayDaG33k · April 26, 2019, 8:40am

How do you mean callback action from API?

hamedrahimi · April 26, 2019, 9:07am

there is a program from othere company make this POST Request and the can not send token

FinlayDaG33k · April 26, 2019, 11:33am

hm… I see…

well, according to the cookbook, you are using the right code… so it must be going wrong somewhere else…

Topic		Replies	Views
Cakephp 3.6 ajax 403 forbidden Need Help	4	4656	April 23, 2020
CSRF error in Ajax POST request Need Help	5	4882	November 18, 2020
Cakephp 3.7 REST Api issue "Missing CSRF token cookie" Need Help	6	3249	May 14, 2024
CsrfToken mismatch with proper token? Need Help	4	822	February 14, 2020
CSRF token mismatch While creating REST API Need Help	1	2531	September 15, 2018

Http Responding 403 Forbiden

Missing CSRF token cookie

Releases

Documentation

Community

Http Responding 403 Forbiden

Missing CSRF token cookie

Related topics

Releases

Documentation

Community