Http Responding 403 Forbiden

hamedrahimi · April 24, 2019, 11:07am

Hallo
I have
public function reciveNotification()
and it is alowded as following
$this->Auth->allow([“reciveNotification”]);

When i do GET Request it working good but by POST request i am facing to 403 Forbiden
what am i doing wrong?
GET:
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2019 11:06:43 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST:
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2019 11:05:52 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 836
Content-Type: text/html; charset=UTF-8

FinlayDaG33k · April 24, 2019, 2:24pm

Do you by any accident get some error about a CSRF token missing or being invalid?

hamedrahimi · April 24, 2019, 3:10pm

Hallo ,
As u can see , i just get forbidden error 403

FinlayDaG33k · April 24, 2019, 4:08pm

Yes, the headers show you a 403, but check the body of the response, it should contain more clues as to why you get the 403.

hamedrahimi · April 25, 2019, 6:11am

i do try -v option of curl and the resulte is :

< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Date: Thu, 25 Apr 2019 06:04:41 GMT
Date: Thu, 25 Apr 2019 06:04:41 GMT
< Server: Apache/2.4.29 (Ubuntu)
Server: Apache/2.4.29 (Ubuntu)
< Content-Length: 836
Content-Length: 836
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

<

Excess found in a non pipelined read: excess = 836 url = /path to url/ (zero-length body)
Connection #0 to host urlto my website left intact

FinlayDaG33k · April 25, 2019, 11:23am

Then it seems like something might be wrong with your server config itself (and not your CakePHP app).
If CakePHP gives an error (unless you have it running in production mode) it should result in a big fat error screen.

hamedrahimi · April 25, 2019, 12:26pm

hi,
I have tried to turn off debug and i got

Missing CSRF token cookie

FinlayDaG33k · April 25, 2019, 2:15pm

well, then the solution is clear as day
Send the csrfToken cookie with your request as well (or set the X-CSRF-Token header if using something like ajax).

hamedrahimi · April 26, 2019, 6:06am

thanks but the problem is that, it is a callback action from API. and i can not do that. i need to deactivate it for this action i tried to add following function to my controller
public function beforeFilter(Event $event)
{
parent::beforeFilter();
$this->getEventManager()->off($this->Csrf);
}
but no success

FinlayDaG33k · April 26, 2019, 8:40am

How do you mean callback action from API?

hamedrahimi · April 26, 2019, 9:07am

there is a program from othere company make this POST Request and the can not send token

FinlayDaG33k · April 26, 2019, 11:33am

hm… I see…

well, according to the cookbook, you are using the right code… so it must be going wrong somewhere else…

Topic		Replies	Views
CSRF error in Ajax POST request Need Help	5	4442	November 18, 2020
How to post data to my cakephp app from outside? Need Help	7	747	January 11, 2021
Keep getting the error “CSRF token mismatch”	4	3126	August 26, 2018
Csrf token mismatch error	2	467	June 17, 2020
CakePHP 3.8.10 released! Announcements news , release	0	536	February 24, 2020

Http Responding 403 Forbiden

Missing CSRF token cookie

Releases

Documentation

Community

Http Responding 403 Forbiden

Missing CSRF token cookie

Related Topics

Releases

Documentation

Community