Announcement

Collapse
No announcement yet.

Error 403 on Avatar load

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Error 403 on Avatar load

    I am getting error 403 on loading an avatar, either as a user or admin. Is their a folder i should change permissions on? I am using a host who have Cpanel. All other functions appear to be working.

  • #2
    Do attachments uploading and downloading work?

    Check permissions to data, data/upload

    Comment


    • #3
      Hi Yuri,
      "Check permissions to data, data/upload" - I am not sure how to do that.
      I have googled for hours and tried a lot of things. Different browsers, PC's and a tablet. All end up doing the same thing.
      Below is a screen shot. I have tried it in different areas so maybe you are right that permissions are not set correctly? I have asked Register4Less (R4L) (my host) to check that for me.
      As far as the install was concerned, i just used R4L softaculous, nothing special as far as tweaking or anything.

      The files I have tried are JPG, GIF, PDF, DOC.

      Espo allows for uploads which open my local drive and as soon as I click open I get Error 403. As their has been no upload success, I have not been able to download.

      I changed all the .htaccess in Espo (there are 4) to 755, that didn't work so I changed them back to 644.
      Hope you can help,
      regards,
      Ian




      Click image for larger version

Name:	Screenshot 2015-01-30 15.05.11.png
Views:	241
Size:	22.3 KB
ID:	4096

      Comment


      • #4
        It can be some specific server configurations. Please check if this file exists .htaccess in the root directory and contains this line:
        Code:
        RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]
        Job Offers and Requests

        Comment


        • #5
          That line does exist in that file. I had a look at all the htaccess files and I changed all the .htaccess in Espo (there are 4) to 755, that didn't work so I changed them back to 644.

          Below are the contents of those 4 files.

          #1+++++++++++++++++
          /home/myfiles/public_html/espo/.htaccess

          <ifModule mod_headers.c>
          Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
          </ifModule>

          DirectoryIndex index.php index.html

          <IfModule mod_rewrite.c>
          RewriteEngine On

          # PROTECTED DIRECTORIES
          RewriteCond %{REQUEST_FILENAME} -d
          RewriteRule ^/?(data|api)/ - [F]

          RewriteRule ^/?data/config\.php$ - [F]
          RewriteRule ^/?data/logs/ - [F]
          RewriteRule ^/?data/cache/ - [F]
          RewriteRule ^/?data/upload/ - [F]
          RewriteRule ^/?application/ - [F]
          RewriteRule ^/?custom/ - [F]
          RewriteRule ^/?vendor/ - [F]
          #END PROTECTED DIRECTORIES

          RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]

          RewriteRule reset/?$ reset.html [QSA,L]
          </IfModule>
          AuthName "Espro_Apco"
          AuthUserFile "/home/austrddb/.htpasswds/public_html/espo/passwd"


          #2+++++++++++++++++
          /home/myfiles/public_html/espo/vendor/slim/slim/.htaccess

          RewriteEngine On

          # Some hosts may require you to use the `RewriteBase` directive.
          # If you need to use the `RewriteBase` directive, it should be the
          # absolute physical path to the directory that contains this htaccess file.
          #
          # RewriteBase /

          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteRule ^ index.php [QSA,L]


          #3+++++++++++++++++
          /home/myfiles/public_html/espo/custom/Espo/Custom/.htaccess

          Order Deny,Allow
          Deny from all


          #4+++++++++++++++++
          /home/myfiles/public_html/espo/api/v1/.htaccess

          RewriteEngine On

          # Some hosts may require you to use the `RewriteBase` directive.
          # If you need to use the `RewriteBase` directive, it should be the
          # absolute physical path to the directory that contains this htaccess file.
          #
          # RewriteBase /

          RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]

          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteRule ^ index.php [QSA,L]


          ++++++++++++++++++++++++++++++++++++++++++++++++++




          Comment


          • #6
            Also I was able to import into "Leads".

            Comment


            • #7
              My host - R4L support - "I changed the permissions on data and data/upload but I doubt this is the problem since files WERE uploaded there already... something else is happening but there is no precise log of the error, and I have no experience with this software."
              I subsequently tried to load an avatar to admin with no success - Error 403.
              Very frustrating.
              Ian

              Comment


              • #8
                I passed the following on to support at R4L. I got this from another forum after searching for Error 403
                It related to Espo and error 403.

                > I've contacted the creator of Espo to see what I'm doing wrong. He thinks my server might

                > be blocking PATCH requests. So I installed it on a XAMPP test on my Destkop
                > and that worked fine. Yet I can't find any way to deny or allow PATCH
                > requests.
                >
                > Does anyone know how to fix this?
                >
                > Edit: If I grab the request URL and just open the URL in a new tab it opens
                > correctly. It just doens't handle the request
                >
                >
                > ...there was a response...>>>
                >
                >
                > The vhost needs permission to handle methods like PATCH.
                >
                > Add the LIMIT rules like below in your directory section in the vhost
                > config:
                >
                > <Limit GET POST PUT DELETE HEAD OPTIONS PATCH>
                > Order allow,deny
                > Allow from all
                > </Limit>
                >

                After my host made these changes everything worked.

                Fantastic! Thank you for your help as well.

                I guess this post can be closed.


                Comment


                • #9
                  Here is the precise detail of the fix:

                  Added the following code you sent me at the start of ~/public_html/espo/.htaccess :


                  <Limit GET POST PUT DELETE HEAD OPTIONS PATCH>
                  Order allow,deny
                  Allow from all
                  </Limit>

                  Comment

                  Working...
                  X