View Issue Details
| Field | Value |
|---|---|
| ID | 0026275 |
| Project | mantisbt |
| Category | authorization |
| View Status | public |
| Date Submitted | 2019-10-16 08:52 |
| Last Update | 2024-02-28 10:43 |
| Reporter | traynaud |
| Assigned To | dregad |
| Priority | normal |
| Severity | minor |
| Reproducibility | always |
| Status | closed |
| Resolution | unable to reproduce |
| OS | windows |
| OS Version | 10 |
| Product Version | 2.1.0 |
| Summary | 0026275: ERROR 403 Forbidden on Chrome and Firefox cause of cookies |
| Description | Many times a day we have this error. |
| Tags | No tags attached. |
| Attached Files | |
The provided information is not sufficient to provide any help in resolving the issue. A complete and detailed description is required for the support team to get a clear understanding of the problem, starting with the URL being accessed that is throwing the 403 error. Your screenshot does not help at all. Note that Mantis 2.1.0 is nearly 3 years old. I strongly recommend that you upgrade to the latest release. At least you need to confirm that the problem can be reproduced in 2.22.1. Please explain what you do, what are the results you expect to get and what you actually get. Also provide detailed, step-by-step instructions to reproduce the issue; the additional information listed below may also be useful:
|
|
Sorry for the missing information:
Server info: OS: CENTOS_MANTISBT_PROJECT="CentOS-7" uname -r
Mantis info: MantisBT Version 2.1.0
Plugin Description Dependencies Priority Protected Actions
Email Reporting 0.10.0 Offers the functionality to add issues and notes by email.
MantisBT Formatting 2.1.0 Official text processing and formatting plugin.
Mantis Graphs 2.1.0 Official graphs plugin.
MantisBT Core 2.1.0 Core Plugin API for the Mantis Bug Tracker.
Plugin Description Dependencies Actions
PHP info: php --version
Browsers version:
In Google Chrome there is this message in the console: "Active resource loading counts reached a per-frame limit while the tab was in background. Network requests will be delayed until a previous loading finishes, or the tab is brought to the foreground. See https://www.chromestatus.com/feature/5527160148197376 for more details" |
|
I find two config files |
|
@traynaud I deleted your custom config file, as it contained a lot of sensitive information (passwords, crypto salt, etc). I strongly suggest you immediately change these passwords since they have potentially been compromised. Feel free to upload the file again, after removing anything that should not be available on a public web site. |
|
You have not responded on that. Please also check if the problem persists without any 3rd party plugins (i.e. uninstall Email Reporting, MantisStats, MantisBT Markdown).
Please note that we require PHP 5.5 or later (although this is unlikely to be causing the problem you're facing). You may also want to check if there is anything in the webserver / PHP logs. |
|
We can't upgrade because we are using squash test and the compatibility is compromised for us after this version of Mantis. |
|
I'm asking for a PHP update. |
|
It's your decision. Just consider 47 security issues fixed since 2.1.0... Also you need to demonstrate that the problem is reproducible in the latest release, because we don't support 2.1.0 anymore. |
|
Can you change the visibility of the ticket to private? |
|
I could, but don't see the point - I already removed the file. |
|
Thank you a lot for this fast removal. |
|
Well I'm sorry but this is a public support channel for open-source software, and our policy is to leave everything visible for the benefits of the community. I'm willing to selectively edit out or remove other sensitive data as necessary if you tell me what it is, but not to hide the whole issue. |
|
Hi,
|
|
Hi dregad, Thank you mtulodzi for your example |
|
Hello, It seems we have an issue with Dynatrace. In fact, Dynatrace creates a dtSa cookie. When it's populated, we have the 403 error, each time. The domains used by Dynatrace and Mantis are the same. We are actually testing this issue by configuring Dynatrace not to create this cookie (see attached image to do this). I'll keep you informed. Additional information to access this parameter: |
|
I was never able to reproduce this problem. Based on the last post 0026275:0063111 it would appear the offending behavior was caused by external software. Feel free to reopen with further details if the problem still exists today. |
|