DEVHIDE
Login Or Sign up

AJAX POST 403 Permission Denied Error - Even though I am sending auth headers

1.2k Views Asked by At

I'm getting this issue when trying to POST to my API. It returns the following error:

Uncaught Error.
{"meta":{"httpCode":403,"message":"Permission denied."},"data":[]}

The auth that I am sending works for the AJAX GET that populates the datatable on my page. I am wondering if my data is in the wrong format or something. The required data for the POST is simply name and description, so I don't believe I'm leaving anything out there. Can anyone see anything wrong in this code that might induce a 403 error?

    var name = $('#name').text();
    var description = $('#description').text();

    $('#add-category').on('click', function() {
        $.ajax({
            type: "POST",
            url: baseUrl + "api/categories",
            headers: {
                "Authorization": auth
            },
            data: {
                "name": name,
                "description": description
            },
            dataType: 'json',
            contentType: 'application/json',
            error: function(jqXHR, exception) {
                var msg = '';
                if (jqXHR.status === 0) {
                    msg = 'Not connected.\n Verify Network.';
                } else if (jqXHR.status == 404) {
                    msg = 'Requested page not found. [404]';
                } else if (jqXHR.status == 500) {
                    msg = 'Internal Server Error [500].';
                } else if (exception === 'parsererror') {
                    msg = 'Requested JSON parse failed.';
                } else if (exception === 'timeout') {
                    msg = 'Time out error.';
                } else if (exception === 'abort') {
                    msg = 'Ajax request aborted.';
                } else {
                    msg = 'Uncaught Error.\n' + jqXHR.responseText;
                }
                alert(msg);
            },
            success: function() {
                table.draw();
            }
        });
    });

Thanks for checking!

edit: this is the relevant function from the API, I don't see anything about 403 errors. Maybe I should look elsewhere in the API?

public function categories_post()
{
    $this->requirePermission('categories.create');

    if (!$postData = $this->post(null, false)) {
        $this->errorResponse('Request missing category data in request body.', 405);
    }

    // @TODO Better Validation.
    $postData = $this->xssClean($postData);

    $category = $this->gameService->createCategory($postData);
    $categoryData = $this->categoryHydrator->extract($category);
    $this->response($categoryData, 200);
    die;

}

permission:

protected function requirePermission($permission, $assertion = null)
{
    if (!$this->rbac->isGranted($this->fixUser->ufUser->getRole(), $permission, $assertion)) {
        $this->errorResponse('Permission denied.', 403);
        die;
    }

    return true;
}
jquery ajax api post http-status-code-403
Original Q&A
1

There are 1 best solutions below

1
On BEST ANSWER

403 http error code is a common error returned by frameworks (and others) when they throw unauthorize exception.

It could be from the security context of you application (is your front-end really authorized or does it needs to login?)

It could be for internal security check, like your function requirePermission('categories.create');

Related Questions in JQUERY

Related Questions in AJAX

Related Questions in API

Related Questions in POST

Related Questions in HTTP-STATUS-CODE-403

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.