CD
Cloudflare Developers2y ago
BeboQ

403 error

why i get 403 error when trying to fetch subdomain.example.com that has origin rule ?
18 Replies
BeboQ
BeboQOP2y ago
i use this #why i get this error
Chaika
Chaika2y ago
fetch from what? A Worker? something else? What's the full page?
BeboQ
BeboQOP2y ago
i fetch the subdomain.example.com i get error
BeboQ
BeboQOP2y ago
Chaika
Chaika2y ago
That forbidden is being returned by your Express server, as shown in the x-powered-by and cf-cache-status (being present) headers you'll have to debug why it is returning Forbidden, but it's not CF that is doing it
BeboQ
BeboQOP2y ago
what maybe causes this @chaika.me also another thing I have a route /status send the auth status if i visit using subdomain.example.com it gives the auth status and if visited using ip:port i gets unauthorized i think they must be the same
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
BeboQ
BeboQOP2y ago
My vps ip Why the response is different
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
BeboQ
BeboQOP2y ago
I’m not using nginx
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
BeboQ
BeboQOP2y ago
I’m using the cloudflare origin server rules How can i make this ?
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
BeboQ
BeboQOP2y ago
If i open the api on my browser it works but when I fetch it i get error 403
Unknown User
Unknown User2y ago
Message Not Public
Sign In & Join Server To View
BeboQ
BeboQOP2y ago
No , using my front-end nextjs @chaika.me @seanmmitchell any one know how to fix this
Chaika
Chaika2y ago
Again, it's express sending it, not CF. Help with origin servers is limited -- I don't know express. A quick google search about 403s with express results in this: https://stackoverflow.com/questions/50904729/403-forbidden-on-express-cant-accept-authorization-header If the OPTIONS request from CORS is the one that gets 403'd, then that is why it works fine when visiting directly. CORS Options/Prelight Requests don't contain auth headers, so if your API requires Auth, then you need to modify Express to send back cors headers/204 on the options request, which you can do manually or use some pre-existing package like expressjs/cors.
Stack Overflow
403 forbidden on express. Can't accept Authorization header
I have a REST Api, and all endpoints must send a response when the user has an authentication token (I use the jwt token). everything works fine when I test my code using postman, but from front not
BeboQ
BeboQOP2y ago
I figured out that connect.sid cookie by express-session is saved only in the subdomain
Want results from more Discord servers?
Add your server