Jump to content

403 Forbidden: The Server Understood The Request, But Is Refusing To F


jbach
 Share

Recommended Posts

Building an actionscript Twitter client and using OAuth for the sign in process.

 

By necessity I need to use a php proxy to redirect all calls between my actionscript client and the Twitter server.

 

Having an extrememely frustrating issue with the following error message. '403 Forbidden: The server understood the request, but is refusing to fulfill it.'

 

The following 2 steps ALWAYS work after I click my 'Sign In with Twitter' button, I make it to the Twitter OAuth sign in page so I have the correct request token, etc

 

1 successfully retrieve request token

2 navigate to Twitter's OAuth login page (following url isn't my actual URL but represents the actual path visible in the browser) *****/twitter/proxy.php?path=http%3A%2F%2Ftwitter.c...

 

But the ONLY way I can proceed further (ie clicking 'Sign In' on the Twitter Oauth sign in page) without getting the 403 error is if the browser has just launched BEFORE navigating to the Twitter OAuth sign in page.

 

Let me explain...

ie I have a separate duplicate compiled version of my application on my desktop where I click the 'Sign In with Twitter' button to start the login process. It targets the same php proxy script, retrieves the request token, then issues a navigate to URL command which launches a new browser window, or in this case, launches the browser.

 

Clicking signIn now works correctly, no 403 error

 

Other wise(if the browser has ALREADY been open BEFORE I get to the twitter OAuth Sign In page) I get the 403 forbidden message, even if the username-password fields are blank.

 

What gives? I am totally stumped.... This occurs in BOTH Safari and Firefox in OSX....so I can assume its NOT a browser issue

 

 

Could this have something to do with the Totalchoice server not being allowed to make requests back to itself?

 

Am going to need some senior tech support it seems to get this resolved...

Link to comment
Share on other sites

  • 10 months later...

I also have a "you are no supposed to be here" redirection page for any directory that I don't want people have FTP-like HTTP access... once, I accidentally discovered a friend's resume/CV in one of his sub-directories. I think any directory without index.html or index.php automatically have get an FTP-like html interface (if you know what I'm talking about)... like /images/ directories, which I believe most websites will have. A bit of a side-question... is there a technically correct or easier way of preventing such "unauthorized" access to these directories? I can't quite figure out a way with permissions, since for most of those directories, you'll need to set it readable by public for them to access the contents (e.g. images, javascript, etc).

Link to comment
Share on other sites

A bit of a side-question... is there a technically correct or easier way of preventing such "unauthorized" access to these directories? I can't quite figure out a way with permissions, since for most of those directories, you'll need to set it readable by public for them to access the contents (e.g. images, javascript, etc).

 

Welcome to the forums pasbanrule :)

 

If you are hosted here at TCH you can use the No Indexing feature of cPanel which will display a "forbidden" message to the user if no index.html, index.htm, index.php (home page) is included in the folder.

 

No Indexing: The contents of the directory are not listed; visitors will see a message stating that the contents are “forbidden.”
Link to comment
Share on other sites

  • 4 months later...
Guest bobmorton

Thanks for the tips. So is it really required to use index.html, index.htm, index.php (home page) to prevent landing in a "forbidden" page?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...