Page 1 of 1

403 Error From Transition on Specific Issue

Posted: Fri May 12, 2017 6:45 pm
by catdad
Here is a strange one. With one issue in particular, I'm getting a 403 error when trying to complete a transition from a custom workflow:

----------
Forbidden

You don't have permission to access /public/<project name>/30/transition/41 on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
----------

If I run the same transition from another issue with the same status/workflow/etc, it works fine. This is the case whether I'm viewing the issue or running the transition from a view. I assume the '30' above is the issue number, which is correct in this case. I thought at first maybe it could be because there was a ':' in the issue title, but I renamed it and the issue persists. I compared the issue ID to others in the database and didn't notice anything unusual. Developer tools console in Chrome doesn't provide any additional info. Any ideas?

Re: 403 Error From Transition on Specific Issue

Posted: Mon May 15, 2017 4:58 pm
by catdad
Update: I've since replicated this issue on another ticket, with the original transition and with another. I got a bit more info this time from Chrome's developer tools console:

prototype.js:1530 POST https://<url>/public/<project>/transition/40 403 (Forbidden)
request @ prototype.js:1530
initialize @ prototype.js:1495
(anonymous) @ prototype.js:429
klass @ prototype.js:101
TBG.Main.Helpers.ajax @ tbg.js?bust=4.1.13:715
TBG.Search.interactiveWorkflowTransition @ tbg.js?bust=4.1.13:6285
onsubmit @ def-37:1

Re: 403 Error From Transition on Specific Issue

Posted: Mon May 15, 2017 9:08 pm
by catdad
Issue resolved (maybe)

The issue looks to have been caused by my hosting provider modifying CPanel ModSecurity rule sets. Disabling ModSecurity for the site resolved the issue and we are looking into the rule sets on their end.