Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Register
  • Sign in
  • funkwhale funkwhale
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
    • Locked files
  • Issues 433
    • Issues 433
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 23
    • Merge requests 23
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
    • Test cases
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Terraform modules
    • Model experiments
  • Analytics
    • Analytics
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • funkwhalefunkwhale
  • funkwhalefunkwhale
  • Issues
  • #1153

403 on POST requests

Steps to reproduce

Note that this does not seem to affect GET requests

  1. Log on to a server running on the develop branch (e.g. Demo/local development/tanukitunes)
  2. Try to upload a track (I've also had it occur when trying to create new libraries)

What happens?

A 403 "Access Denied" error is returned

What is expected?

A 200 "Success" message is returned

Context

Funkwhale version(s) affected: 0.21+git.d0e6cd40

Docker multi-container, nginx reverse proxy, Firefox and Chromium tested

Example headers being sent

Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8000/library/2cc080e5-9643-4d10-957b-aacfaaacf9e0/upload?import=2020-06-06T21%3A33%3A20%2B01%3A00
Authorization: undefined
Content-Type: multipart/form-data; boundary=---------------------------168303692229214573002433610235
Content-Length: 10808062
Origin: http://localhost:8000
Connection: keep-alive
Cookie: csrftoken=D7H89LqQZwGyK52fJ11A4JJGJi0vrMVPQFhUvTnA6XGiO8h3whqv3zx6cBqiMFOO; sessionid=dbm01thv7hb9viyvb1sy6tt90qooecl2
DNT: 1

Example logs from develop Docker

api_1           | 2020-06-06 19:49:07,751 django.request WARNING  Forbidden: /api/v1/libraries/
api_1           | INFO:     172.19.0.7:57184 - "POST /api/v1/libraries/ HTTP/1.1" 403 Forbidden
nginx_1         | 172.18.0.1 - - [06/Jun/2020:19:49:07 +0000] "POST /api/v1/libraries/ HTTP/1.1" 403 58 "http://localhost:8000/content/libraries/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" "-"
Edited Jun 06, 2020 by Ciarán Ainsworth
Assignee
Assign to
Time tracking