The Limit and Script directives are there from attempts to get it to work. 
 As far as I can tell, they don't have any effect. I didn't have them when 
I first started getting the error, and - after removing - I still get it. 
 I can get the error with or without cookies.  When I use curl, I am 
sending along my auth information using '-u', which works just fine with 
POST.

This seems like it is apache throwing the error, not django, but I'm just 
not sure what to do to fix it.

I'm using:
Firefox 15.0.1
ReviewBoard 1.6.11
Django 1.3.3 (final)
Apache/2.2.3
Python 2.6.8
CentOS release 5.8 (Final)
SELinux is disabled

URL:
PUT https://hostsite.com/reviews/api/review-requests/1/draft/

Request Data:
api_format=json&description=Updating+description

Request Headers
Accept application/json, text/javascript, */*
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection keep-alive
Content-Length 48
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Cookie rbsessionid=f9e5be5681ed545045d698d53ea4ff9f; (etc)
DNT 1
Host hostsite.com
Referer https://hostsite.com/reviews/r/1/
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:15.0) 
Gecko/20100101 Firefox/15.0.1
X-Requested-With XMLHttpRequest

Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /reviews/api/review-requests/1/draft/
on this server.</p>
</body></html>

Response Headers
Connection close
Content-Encoding gzip
Content-Length 198
Content-Type text/html; charset=iso-8859-1
Date Wed, 12 Sep 2012 20:06:53 GMT
Server Apache/2.2.3 (CentOS)
Vary Accept-Encoding


On Wednesday, September 12, 2012 1:22:31 PM UTC-6, Christian Hammond wrote:
>
> Hi Brian,
>
> Haven't seen that before. Well, first thing that stands out to me is that 
> you shouldn't need the Limit/Script lines, do I'd get rid of them.
>
> You can get the 403 if you don't have cookies working right.
>
> Which version of Review Board are you using, and which browser?
>
> Most browsers have built-in development tools now, and you should be able 
> to see the network activity. Can you find that, bring it up, and then 
> reproduce it? You should be able to see the headers and the 
> request/responses. If you can provide all these, it'd help me narrow it 
> down.
>
> Christian
>
>
>
> On Sep 12, 2012, at 11:24, Brian Armstrong <kf7...@gmail.com <javascript:>> 
> wrote:
>
> I am running reviewboard at the "/reviews" url of a server that handles 
> many different things. Whenever I try to edit a review it makes an ajax PUT 
> request to the API to update the item I changed.
>
> Here is what the "Server Error Details" shows me
>
> *Error Code:* 403
>
> *Error Text:* Forbidden
>
> *Request URL:* /reviews/api/review-requests/1/draft/
>
> *Request Data:* summary=Changing+the+summary
>
> This is being caused by apache2 (CentOS 5) with mod_wsgi.  The only thing 
> I get is an entry in the access log telling me the request was 403'd, 
> nothing else.
>
> When using curl, I can get the requests to work every time by using POST 
> instead of PUT.
>
>
> Here is the config section specific to reviewboard
>
> WSGIPassAuthorization On
> WSGIScriptAlias /reviews /var/reviewboard/
> rb.dev.qualtrics.com/htdocs/reviewboard.wsgi/reviews
> <Directory /var/reviewboard/rb.dev.qualtrics.com/htdocs>
>     AllowOverride All
>     Options -Indexes FollowSymLinks +ExecCGI
>     
>     Order allow,deny
>     Allow from all
>     
>     <Limit PUT DELETE>
>         Allow from all
>     </Limit>
>     Script PUT /reviews
>     Script DELETE /reviews
> </Directory>
> # Static media for reviewboard
> Alias /reviews/media /var/reviewboard/rb.dev.qualtrics.com/htdocs/media
> Alias /reviews/errordocs /var/reviewboard/
> rb.dev.qualtrics.com/htdocs/errordocs
> Alias /reviews/favicon.ico /var/reviewboard/
> rb.dev.qualtrics.com/htdocs/media/rbcommons/images/favicon.png
>
> I have searched the internet for hours trying to find a solution (since I 
> know 403 is the default response to PUT requests with apache), but I 
> haven't been able to find anything that works. I haven't been able to find 
> anything relevant in this mailing list either.
>
> Wondering if anyone has any insight...
>
> -- 
> Want to help the Review Board project? Donate today at 
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to 
> reviewboard...@googlegroups.com <javascript:>
> For more options, visit this group at 
> http://groups.google.com/group/reviewboard?hl=en
>
>

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to