jbach
Posted January 21, 2010

Building an actionscript Twitter client and using OAuth for the sign in process. By necessity I need to use a php proxy to redirect all calls between my actionscript client and the Twitter server.

Having an extremely frustrating issue with the following error message.

'403 Forbidden: The server understood the request, but is refusing to fulfill it.'

The following 2 steps ALWAYS work after I click my 'Sign In with Twitter' button. I make it to the Twitter OAuth sign in page, so I have the correct request token, etc.

1. successfully retrieve request token
2. navigate to Twitter's OAuth login page (following url isn't my actual URL but represents the actual path visible in the browser)

*****/twitter/proxy.php?path=http%3A%2F%2Ftwitter.c...

But the ONLY way I can proceed further (i.e. clicking 'Sign In' on the Twitter OAuth sign in page) without getting the 403 error is if the browser has just launched BEFORE navigating to the Twitter OAuth sign in page. Let me explain...

i.e. I have a separate duplicate compiled version of my application on my desktop where I click the 'Sign In with Twitter' button to start the login process. It targets the same php proxy script, retrieves the request token, then issues a navigate to URL command which launches a new browser window, or in this case, launches the browser. Clicking Sign In now works correctly, no 403 error.

Otherwise (if the browser has ALREADY been open BEFORE I get to the Twitter OAuth Sign In page) I get the 403 forbidden message, even if the username-password fields are blank.

What gives? I am totally stumped....

This occurs in BOTH Safari and Firefox in OSX....so I can assume it's NOT a browser issue.

Could this have something to do with the Totalchoice server not being allowed to make requests back to itself?

Am going to need some senior tech support it seems to get this resolved...

pasbanrule
Posted December 13, 2010

I also have a "you are not supposed to be here" redirection page for any directory where I don't want people to have FTP-like HTTP access... once, I accidentally discovered a friend's resume/CV in one of his sub-directories. I think any directory without index.html or index.php automatically gets an FTP-like html interface (if you know what I'm talking about)... like /images/ directories, which I believe most websites will have.

A bit of a side-question... is there a technically correct or easier way of preventing such "unauthorized" access to these directories? I can't quite figure out a way with permissions, since for most of those directories, you'll need to set it readable by public for them to access the contents (e.g. images, javascript, etc).

TCH-Bruce
Posted December 13, 2010

> A bit of a side-question... is there a technically correct or easier way of preventing such "unauthorized" access to these directories? I can't quite figure out a way with permissions, since for most of those directories, you'll need to set it readable by public for them to access the contents (e.g. images, javascript, etc).

Welcome to the forums, pasbanrule.

If you are hosted here at TCH you can use the No Indexing feature of cPanel which will display a "forbidden" message to the user if no index.html, index.htm, index.php (home page) is included in the folder.

No Indexing: The contents of the directory are not listed; visitors will see a message stating that the contents are “forbidden.”

Guest bobmorton
Posted April 21, 2011

Thanks for the tips. So is it really required to use index.html, index.htm, index.php (home page) to prevent landing in a "forbidden" page?

TCH-Bruce
Posted April 21, 2011

Welcome to the forums, Bob.

Yes, you can put a blank index.html file in the folder to prevent the "forbidden" page.
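
An added example, not part of the original thread: a local audit that walks a web root and reports every directory holding none of the index files named above, i.e. the directories that would show a listing, or the "forbidden" page once No Indexing is enabled. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Index file names taken from the reply above; a server may be configured with others.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def dirs_without_index(web_root, index_names=INDEX_NAMES):
    """Return URL-style paths of directories under web_root that hold no index file."""
    exposed = []
    for current, subdirs, files in os.walk(web_root):
        subdirs.sort()  # deterministic traversal order
        # Exact, case-sensitive match: "Index.HTML" is a different file name on Linux.
        if not any(name in files for name in index_names):
            rel = os.path.relpath(current, web_root)
            exposed.append("/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/")
    return exposed


def build_sample_tree(root):
    """Create a constructed sample layout (not taken from any real site)."""
    layout = {
        "": ["index.php"],               # home page present
        "images": ["logo.png"],          # typical asset directory, no index file
        "js": ["app.js", "index.html"],  # blank index.html dropped in
        "private/docs": ["resume.pdf"],  # parent and child both lack an index file
    }
    for rel, names in layout.items():
        directory = os.path.join(root, rel)
        os.makedirs(directory, exist_ok=True)
        for name in names:
            open(os.path.join(directory, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path in dirs_without_index(root):
            print("no index file:", path)
```

Run against a local copy of the site's document root, the output is the list of folders to review before deciding between No Indexing and a blank index.html.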