403 Forbidden in production

Hey! I'm trying to deploy to production. The site is working well, but the Filament admin panel shows 403 Forbidden after login. I've implemented the Filament contract (returns true for testing purposes):

use Filament\Models\Contracts\FilamentUser;
use Filament\Panel;
// other imports...
class User extends Authenticatable implements MustVerifyEmail, FilamentUser {
    // not using filament trait
    // other methods...
    public function canAccessPanel(Panel $panel): bool
    {
        return true;
    }
}

(Without this implementation I get the 403 Forbidden before being able to try to log in (as intended by Filament).)

I can access the Filament login page, but once I'm logged in with my newly created Filament user using:

php artisan make:filament-user

I get 403 Forbidden and need to clear the browser cache to be able to attempt a new login. If the email/password is wrong I get the normal error and can't log in. Everything works fine in the local env. Using apache2 proxypass to a docker container running my app. Any clues? Thank you.

Dennis Koch (3mo ago)
Any Policies, Permission system or similar? The 403 is coming from Laravel not Apache, right?

Vodyanoï (3mo ago)
Nothing special, the system is quite permissive and no policies are set in Laravel providers. The 403 is from Laravel (default 403 Forbidden page). I can share the debug bar exception trace if it can help. Last 10 calls:
vendor/laravel/framework/src/Illuminate/Foundation/Application.php#Symfony\Component\HttpKernel\Exception\HttpException


throw new NotFoundHttpException($message, null, 0, $headers);
}

throw new HttpException($code, $message, null, $headers);
}

/**

array:45 [▼
0 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Foundation/helpers.php"
"line" => 45
"function" => "abort"
"class" => "Illuminate\Foundation\Application"
"type" => "->"
"args" => array:3 [▶]
]
1 => array:4 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Foundation/helpers.php"
"line" => 65
"function" => "abort"
"args" => array:3 [▶]
]
2 => array:4 [▼
"file" => "vendor/filament/filament/src/Http/Middleware/Authenticate.php"
"line" => 32
"function" => "abort_if"
"args" => array:2 [▶]
]
3 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php"
"line" => 55
"function" => "authenticate"
"class" => "Filament\Http\Middleware\Authenticate"
"type" => "->"
"args" => array:2 [▶]
]
4 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php"
"line" => 183
"function" => "handle"
"class" => "Illuminate\Auth\Middleware\Authenticate"
"type" => "->"
"args" => array:2 [▶]
]
5 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php"
"line" => 49
"function" => "Illuminate\Pipeline\{closure}"
"class" => "Illuminate\Pipeline\Pipeline"
"type" => "->"
"args" => array:1 [▶]
]
6 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php"
"line" => 183
"function" => "handle"
"class" => "Illuminate\View\Middleware\ShareErrorsFromSession"
"type" => "->"
"args" => array:2 [▶]
]
7 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php"
"line" => 121
"function" => "Illuminate\Pipeline\{closure}"
"class" => "Illuminate\Pipeline\Pipeline"
"type" => "->"
"args" => array:1 [▶]
]
8 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php"
"line" => 64
"function" => "handleStatefulRequest"
"class" => "Illuminate\Session\Middleware\StartSession"
"type" => "->"
"args" => array:3 [▶]
]
9 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php"
"line" => 183
"function" => "handle"
"class" => "Illuminate\Session\Middleware\StartSession"
"type" => "->"
"args" => array:2 [▶]
]

Dennis Koch (3mo ago)
Stack traces always help 🙂 I think this part is relevant. What's line 55 in Filament\Http\Middleware\Authenticate (or is it Illuminate/Auth/Middleware/Authenticate ?). In my version that line is a comment or not existing.
3 => array:6 [▼
"file" => "vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php"
"line" => 55
"function" => "authenticate"
"class" => "Filament\Http\Middleware\Authenticate"
"type" => "->"
"args" => array:2 [▶]
]
I'd focus on Filament\Http\Middleware\Authenticate. Is 403 thrown by this?
abort_if(
$user instanceof FilamentUser ?
(! $user->canAccessPanel($panel)) :
(config('app.env') !== 'local'),
403,
);
Then your code might not be up to date?

Vodyanoï (3mo ago)
Looks like it is:
2 => array:4 [▼
"file" => "vendor/filament/filament/src/Http/Middleware/Authenticate.php"
"line" => 32
"function" => "abort_if"
"args" => array:2 [▼
0 => true
1 => 403
]
]
abort_if(
$user instanceof FilamentUser ?
(! $user->canAccessPanel($panel)) :
(config('app.env') !== 'local'),
403,
);
It shouldn't be there in new versions?

Dennis Koch (3mo ago)
It should be there. Line 32 is the same as for me. What does dd($user instanceof FilamentUser, $user->canAccessPanel($panel)) return?

Vodyanoï (3mo ago)
It returns false. So User model is not updated.
I don't actually understand why, I cleared artisan's and browser's cache.

Dennis Koch (3mo ago)
Maybe related to your docker container? Or OPCache
Solution
Vodyanoï (3mo ago)
Oh, I'm actually not using the correct user model... Filament is using Admin model and not User. (might change that) It works after updating the Admin model, stupid mistake! Thank you!

Dennis Koch (3mo ago)
Great.
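
The access decision discussed in this thread, reproduced as an added example (not code from the thread or from Filament): a model that does not implement the contract is allowed only when the environment is `local`, which is why the panel worked locally and returned 403 in production. The `FilamentUser` interface and `Panel` class here are stand-ins so the script runs with plain `php`; `FixedAdmin`, `deniesAccess()`, the `@example.test` domain and the `verified` flag are hypothetical names and a constructed sample policy.

```php
<?php
declare(strict_types=1);

// Stand-ins for Filament\Models\Contracts\FilamentUser and Filament\Panel,
// so this runs without the framework installed.
interface FilamentUser { public function canAccessPanel(Panel $panel): bool; }
final class Panel { public function __construct(public string $id) {} }

// The model the panel's guard actually returned in the thread: no contract.
class Admin {
    public function __construct(public string $email = '', public bool $verified = false) {}
}

// Corrected model with a real rule instead of `return true`.
// The panel id, domain and verified flag are constructed sample policy.
class FixedAdmin extends Admin implements FilamentUser {
    public function canAccessPanel(Panel $panel): bool {
        return $panel->id === 'admin'
            && $this->verified
            && str_ends_with($this->email, '@example.test');
    }
}

// Same condition as the abort_if() quoted in the thread: true means 403.
function deniesAccess(object $user, Panel $panel, string $appEnv): bool {
    return $user instanceof FilamentUser
        ? ! $user->canAccessPanel($panel)
        : $appEnv !== 'local';
}

$panel = new Panel('admin');
$cases = [ // constructed sample users
    ['Admin, local',             new Admin(), 'local'],
    ['Admin, production',        new Admin(), 'production'],
    ['FixedAdmin, verified',     new FixedAdmin('ops@example.test', true), 'production'],
    ['FixedAdmin, unverified',   new FixedAdmin('ops@example.test', false), 'production'],
    ['FixedAdmin, other domain', new FixedAdmin('ops@elsewhere.test', true), 'production'],
];
foreach ($cases as [$label, $user, $env]) {
    printf("%-26s %s\n", $label, deniesAccess($user, $panel, $env) ? '403' : 'allowed');
}
```

Running the same `instanceof FilamentUser` check against the authenticated user object in a staging environment with `APP_ENV` set to a non-local value catches a missing contract on the guard's model before deployment.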