      request #11092 403 forbidden on project backlog
    Infos
    #11092
    Sebastian Eberhardt (ebeseb)
    2018-02-07 16:00
    2018-02-04 22:16
    11421
    Details
    403 forbidden on project backlog
    Hi everyone.

    I set up a fresh VirtualBox with CentOS 6 and Tuleap 9.17.99.27 on an Arch Linux host (tried the Docker container first, same problem).

    Tuleap domain is set to 127.0.0.1

    Port forwarding on VirtualBox is active for ports 8080 -> 80; 8443 -> 443; 8022 -> 22.

    Ports are opened in iptables on the CentOS guest.

    Logging in with the provided default admin credentials from the host works fine. However, when trying to access the backlog on the agile dashboard there are 403 forbidden errors and the spinning icon is shown forever.

    Attached screenshot shows the error messages in chrome dev tools.

    Is this a bug or a misconfiguration of my host system (since it happens with the Docker container as well)? There is one difference to running Tuleap with Docker: accessing it from the Docker host, the error doesn't occur; however, if I do it from a different machine the error happens again.

    Any help is much appreciated, I hope this is the correct place to post this.

    Cheers, Seb
    Agile Dashboard
    9.17
    CentOS 6
    Declined
    2018-02-07

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2018-02-07 16:00
    Perfect, I close then.

    • Status changed from New to Declined
    • Close date set to 2018-02-07
    User avatar
    That's it! Thank you! I put in the server's IP and now it works. Makes sense actually when thinking about it :-)
    User avatar
    Thomas Gerbet (tgerbet)2018-02-07 15:28
    What you put in these configuration parameters should be the name you use to access your Tuleap instance. Since I'm guessing you are not using localhost:8443 to access your instance from a different machine, the request will indeed be rejected when you try to query the REST API.

    You basically need to have a name (an IP address or a name) that you can use to access your instance whatever machine you are using to access the instance, and set it in the configuration file.
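
Added example, not part of the original thread and not Tuleap's own code: a small Python model of the Referer-versus-configured-host check described in the reply above, run against the local.inc values quoted in this thread. The function names, the exact comparison rule, the URL paths and the 192.0.2.10 address are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the local.inc values quoted in the thread.
LOCAL_INC = """
$sys_default_domain = 'localhost:8080';
$sys_https_host = 'localhost:8443';
$sys_rest_api_over_http = 0;
$sys_trusted_proxies = '';
"""
DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_local_inc(text):
    """Extract simple `$name = value;` assignments from a local.inc snippet."""
    return dict(re.findall(r"^\s*\$(\w+)\s*=\s*'?([^';]*)'?\s*;", text, re.M))

def authority(host, port, scheme):
    """Normalise host[:port], dropping the scheme's default port."""
    host = host.lower()
    return host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"

def referer_accepted(conf, referer):
    """Model: the Referer's host[:port] must equal the configured name.

    Assumptions: https referers are compared with sys_https_host, http ones
    with sys_default_domain, and http is refused outright unless
    sys_rest_api_over_http is 1.
    """
    url = urlsplit(referer)
    if url.scheme not in DEFAULT_PORTS or not url.hostname:
        return False
    if url.scheme == "http" and conf.get("sys_rest_api_over_http") != "1":
        return False
    key = "sys_https_host" if url.scheme == "https" else "sys_default_domain"
    cfg = urlsplit(f"{url.scheme}://{conf.get(key, '')}")
    return bool(cfg.hostname) and (
        authority(url.hostname, url.port, url.scheme)
        == authority(cfg.hostname, cfg.port, url.scheme))

def diagnose(conf, urls):
    """Map each URL a browser might use to True (passes) or False (403)."""
    return {u: referer_accepted(conf, u) for u in urls}

if __name__ == "__main__":
    urls = ["https://localhost:8443/page",    # name matches the config
            "https://127.0.0.1:8443/page",    # same machine, different name
            "https://192.0.2.10:8443/page"]   # remote client (constructed IP)
    for url, ok in diagnose(parse_local_inc(LOCAL_INC), urls).items():
        print("ok " if ok else "403", url)
```

Only the first URL passes with the quoted settings; setting `$sys_https_host` to the address every client actually uses flips the result, which is the fix the reporter applied.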
    User avatar
    That does work on the machine where the docker container is running. It doesn't work from a different machine however. Do I need to change something for remote access to work correctly?
    User avatar
    Thomas Gerbet (tgerbet)2018-02-07 15:04
    Hello,

    You have set localhost:8443 in your config file but you access your instance with 127.0.0.1:8443. Can you try to access the instance using localhost:8443 to see if it works as expected?
    User avatar
    Whoops, yes you are absolutely correct, how did I miss this? Sorry! Since I tested this on different machines and with Docker and Virtualbox, etc. I must have mixed up the numbers.

    Unfortunately even with matching port settings the exact same error happens.
    User avatar

    Your settings don't match your port forwarding; it should be:

    • $sys_default_domain = 'localhost:8080';
    • $sys_https_host = 'localhost:8443';
    User avatar
    Sure, so since I forward ports into the VB I set the values as follows:

    $sys_default_domain = 'localhost:3080';
    $sys_https_host = 'localhost:3443';
    $sys_rest_api_over_http = 0;
    $sys_trusted_proxies = '';

    I have not set up any kind of proxy server.
    User avatar

    Could you paste here the following variables of your /etc/tuleap/conf/local.inc:

    • $sys_default_domain
    • $sys_https_host
    • $sys_rest_api_over_http
    • $sys_trusted_proxies

    + did you set up some reverse proxy in front?

    User avatar
    If I request one of the failing items alone the response is:

    {"error":"Referer doesn't match host. CSRF tentative ?"}

    I found this string in several requests here, but not a working solution unfortunately.
    User avatar

    This is the correct place to report, welcome!

    What is the error message associated with the 403 (server response)?