Error when saving document: 403 Forbidden when upgrading to 26 version

Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Post by Johann »

Hello,

We are using Web Author. We are opening and saving documents through REST (oxygen.html?url=http://ourcms/document.dita).

Everything worked fine with version 25.1. But when I tried to upgrade to version 26.1, saving document no longer worked.
I systematically get a popup saying Error when saving document: 403 Forbidden for: http://ourcms/document.dita

Do you have an idea about this issue?

Thanks,

Johann
cosminef
Site Admin
Posts: 97
Joined: Wed Aug 30, 2023 2:33 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by cosminef »

Hello,

Thank you for contacting us.
To thoroughly investigate what could be causing the error, it is necessary to enable detailed logging of the HTTP requests [1] sent by Oxygen XML Web Author and attach them to be analyzed.

[1] https://www.oxygenxml.com/doc/versions/ ... -logs.html

Best,
Cosmin
Cosmin Eftenie
www.oxygenxml.com
Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Johann »

Hello,

I've done what you recommended for the logs.
Here are the 2 logs I get when I save the file.

With Oxygen 25.1 version:

Code:

2024-05-21 17:05:07,778 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: standard
2024-05-21 17:05:07,779 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {}->http://host.docker.internal:9111][total kept alive: 2; route allocated: 1 of 4096; total allocated: 2 of 4096]
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 2][route: {}->http://host.docker.internal:9111][total kept alive: 1; route allocated: 1 of 4096; total allocated: 2 of 4096]
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-2: set socket timeout to 0
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-2: set socket timeout to 20000
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> PUT /contentfactory/api/v1/dita/en-GB/TPC_rail-task_000000001.dita HTTP/1.1
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> X-Requested-With: WebAuthor
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> User-Agent: ContentFactory-WebAuthor-Plugin
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> Content-Type: */*; charset=UTF-8
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> Cookie: oxy_lang=fr_FR; JSESSIONID=1CD52A4EFA8C34993B0E61A0E7F3D821; WEB-AUTHOR-JSESSIONID=2a0f2739-0b4e-4349-927e-eebfd87b2a3e; _uid=user-5599257273907507865; Idea-67f26e17=5c9681d4-aaa0-4dce-9fe6-979bd576dfd0; 
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> Content-Length: 295
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> Host: host.docker.internal:9111
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> Connection: Keep-Alive
2024-05-21 17:05:07,785 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 >> Accept-Encoding: gzip,deflate
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << HTTP/1.1 200 
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Vary: Origin
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Vary: Access-Control-Request-Method
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Vary: Access-Control-Request-Headers
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Set-Cookie: XSRF-TOKEN=d78d8f1f-8ff2-4458-bb9a-51719f590fad; Path=/contentfactory
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Set-Cookie: JSESSIONID=1CD52A4EFA8C34993B0E61A0E7F3D821; Path=/web-author-component; HttpOnly
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Cache-Control: no-cache, must-revalidate
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Expires: 0
2024-05-21 17:05:08,077 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << X-Content-Type-Options: nosniff
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << X-XSS-Protection: 1; mode=block
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << X-Frame-Options: SAMEORIGIN
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Content-Length: 0
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Date: Tue, 21 May 2024 15:05:08 GMT
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Keep-Alive: timeout=20
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-2 << Connection: keep-alive
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 2][route: {}->http://host.docker.internal:9111] can be kept alive for 20.0 seconds
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-2: set socket timeout to 0
2024-05-21 17:05:08,078 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 2][route: {}->http://host.docker.internal:9111][total kept alive: 2; route allocated: 1 of 4096; total allocated: 2 of 4096]
2024-05-21 17:05:08,079 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted [XSRF-TOKEN="d78d8f1f-8ff2-4458-bb9a-51719f590fad", version:0, domain:host.docker.internal, path:/contentfactory, expiry:null]
2024-05-21 17:05:08,079 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted [JSESSIONID="1CD52A4EFA8C34993B0E61A0E7F3D821", version:0, domain:host.docker.internal, path:/web-author-component, expiry:null]

With Oxygen 26.1 version:

Code:

2024-05-21 16:56:15,937 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: standard
2024-05-21 16:56:15,938 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {}->http://host.docker.internal:9111][total kept alive: 2; route allocated: 1 of 4096; total allocated: 2 of 4096]
2024-05-21 16:56:15,938 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.CPool - Connection [id:13][route:{}->http://host.docker.internal:9111][state:null] expired @ Tue May 21 16:50:54 CEST 2024
2024-05-21 16:56:15,938 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-13: Close connection
2024-05-21 16:56:15,938 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 22][route: {}->http://host.docker.internal:9111][total kept alive: 1; route allocated: 1 of 4096; total allocated: 2 of 4096]
2024-05-21 16:56:15,940 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to host.docker.internal/192.168.0.33:9111
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 192.168.0.33:54997<->192.168.0.33:9111
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-22: set socket timeout to 20000
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> PUT /contentfactory/api/v1/dita/en-GB/TPC_rail-task_000000001.dita HTTP/1.1
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> X-Requested-With: x
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> User-Agent: ContentFactory-WebAuthor-Plugin
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> Content-Type: */*; charset=UTF-8
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> Cookie: oxy_lang=fr_FR; JSESSIONID=1CD52A4EFA8C34993B0E61A0E7F3D821; WEB-AUTHOR-JSESSIONID=b7f4c2da-470f-4708-8cf9-f79a27a1bbfd; _uid=user-5599257273907507865; Idea-67f26e17=5c9681d4-aaa0-4dce-9fe6-979bd576dfd0; 
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> Content-Length: 296
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> Host: host.docker.internal:9111
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> Connection: Keep-Alive
2024-05-21 16:56:15,942 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 >> Accept-Encoding: gzip,deflate
2024-05-21 16:56:15,944 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << HTTP/1.1 403 
2024-05-21 16:56:15,944 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Vary: Origin
2024-05-21 16:56:15,944 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Vary: Access-Control-Request-Method
2024-05-21 16:56:15,944 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Vary: Access-Control-Request-Headers
2024-05-21 16:56:15,944 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Set-Cookie: XSRF-TOKEN=1f52d4a1-9304-441f-b7a0-8b4a431662bc; Path=/contentfactory
2024-05-21 16:56:15,944 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << X-Content-Type-Options: nosniff
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << X-XSS-Protection: 1; mode=block
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Cache-Control: no-cache, no-store, max-age=0, must-revalidate
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Pragma: no-cache
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Expires: 0
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << X-Frame-Options: SAMEORIGIN
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Content-Type: text/html;charset=utf-8
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Content-Language: en
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Content-Length: 649
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Date: Tue, 21 May 2024 14:56:15 GMT
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Keep-Alive: timeout=20
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.headers - http-outgoing-22 << Connection: keep-alive
2024-05-21 16:56:15,945 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.client.protocol.ResponseProcessCookies - Cookie accepted [XSRF-TOKEN="1f52d4a1-9304-441f-b7a0-8b4a431662bc", version:0, domain:host.docker.internal, path:/contentfactory, expiry:null]
2024-05-21 16:56:15,946 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 22][route: {}->http://host.docker.internal:9111] can be kept alive for 20.0 seconds
2024-05-21 16:56:15,946 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-22: set socket timeout to 0
2024-05-21 16:56:15,946 DEBUG [ http-nio-8092-exec-4 ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 22][route: {}->http://host.docker.internal:9111][total kept alive: 2; route allocated: 1 of 4096; total allocated: 2 of 4096]
2024-05-21 16:56:16,114 DEBUG [ Finalizer ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
2024-05-21 16:56:16,114 DEBUG [ Finalizer ] org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-18: Close connection
2024-05-21 16:56:16,114 DEBUG [ Finalizer ] org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down

Any idea?

Regards,

Johann
cristi_talau
Posts: 500
Joined: Thu Sep 04, 2014 4:22 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by cristi_talau »

Hello,

The only difference I can see is the X-Requested-With header changed from Webauthor to "x" and the Content-Length from 295 to 296. The cookies that I guess are related to authentication seem to be the same.

Can you make your server print more details about why it rejects the request as Forbidden? Does it recognize Web Author as acting on behalf of the correct user?

Best,
Cristian
Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Johann »

Hello,

On the CMS server side, indeed, we control that X-Requested-With header is equal to "Webauthor" to authorize the URL connection.
I do not understand why the X-Requested-With header value is changed to "x" when I only upgrade oxygen dependencies from 25.1 to 26.1.
I did not change any line of code and I test on the same CMS server.

Johann
Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Johann »

Hello,

I found a difference between the code of the ro.sync.ecss.webapp.access.j#save methods (25.1 versus 26.1).
That line appeared in 26.1 version:

Code:

this.pqo(var5, Collections.singletonMap("X-Requested-With", "x"));

That could explain the behaviour.
So what's the best way to transmit the header I need when saving the document?

Thank you for your help,

Johann
cosminef
Site Admin
Posts: 97
Joined: Wed Aug 30, 2023 2:33 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by cosminef »

Hello,

We registered an issue (WA-7446) on our internal issue tracker to avoid setting the X-Requested-With header on the save request made to the CMS.
In the meantime, until the bug is fixed, you can try customizing your plugin that installs the custom UrlStreamHandler so that it returns a UrlConnection that implements java.net.URLConnection.addRequestProperty("X-Requested-With", "...") so that it allows you to override the header or forces the value to your custom value instead of "X".

Best,
Cosmin
Cosmin Eftenie
www.oxygenxml.com
Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Johann »

Hello Cosmin,

I tried to put the addRequestProperty("X-Requested-With", "...") at different locations but the "x" value is still present at the end when saving the document.
I have the impression that the override made in the save method inevitably takes over. Can you override the header value on your side? If so, I'd appreciate it if you'd send me the code snippet to get me unblocked.

Thanks,

Johann
Bogdan Dumitru
Site Admin
Posts: 145
Joined: Tue Mar 20, 2018 5:28 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Bogdan Dumitru »

Hello Johann,

You have a plugin.xml with a "URLHandler" extension, right? If yes, you can fix it in the URLStreamHandler returned by this extension. Go in the URLStreamHandler.openConnection method and before returning the URLConnection, set the "X-Requested-With" header with the desired value. This way you will set your header first, before we call addRequestProperty("X-Requested-With", "x"), so your value will win.

Another thing that you may consider is that the CMS server should receive all the "X-Requested-With" headers, the one that we set and the one that you set. So, in theory, you can check in the CMS that there is at least one header with "Webauthor" value, not just the first one.
In Java there are two methods: a) javax.servlet.http.HttpServletRequest.getHeader(String) that returns only the first header and b) javax.servlet.http.HttpServletRequest.getHeaders(String) that returns all the headers.

By the way, if you call javax.servlet.http.HttpServletResponse.addHeader("X-Requested-With", "Webauthor") you may switch to javax.servlet.http.HttpServletResponse.setHeader("X-Requested-With", "Webauthor") because "setHeader" overrides the initial value.
Bogdan Dumitru
http://www.oxygenxml.com
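
The difference between adding and setting a request header, and between a first-value and an any-value check on the server, can be reproduced with the JDK alone. This is an added example, not code from the thread, from Oxygen or from the CMS: the class name, the /first and /any endpoints, the built-in com.sun.net.httpserver server standing in for the CMS, and the order in which the two values are sent are all assumptions (Java 9 or later).

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class RequestedWithDemo {
    static final String HEADER = "X-Requested-With";
    static final String EXPECTED = "WebAuthor"; // value seen in the 25.1 log

    // Strict check: only the first received value counts (getHeader-style).
    static boolean firstValueMatches(List<String> values) {
        return values != null && !values.isEmpty() && EXPECTED.equals(values.get(0));
    }

    // Tolerant check: any received value may match (getHeaders-style).
    static boolean anyValueMatches(List<String> values) {
        return values != null && values.contains(EXPECTED);
    }

    // Stand-in for the CMS: 200 when the check passes, 403 otherwise.
    static void respond(HttpExchange ex, boolean allowed) throws IOException {
        ex.getRequestBody().readAllBytes();          // drain the PUT body
        ex.sendResponseHeaders(allowed ? 200 : 403, -1);
        ex.close();
    }

    // Sends one PUT; "x" is added first, then the expected value is
    // either appended (add) or written over the existing one (set).
    static int put(URL url, boolean useSet) throws IOException {
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.setRequestMethod("PUT");
        c.setDoOutput(true);
        c.addRequestProperty(HEADER, "x");
        if (useSet) {
            c.setRequestProperty(HEADER, EXPECTED);  // single value on the wire
        } else {
            c.addRequestProperty(HEADER, EXPECTED);  // two values on the wire
        }
        try (OutputStream out = c.getOutputStream()) {
            out.write("<topic/>".getBytes(StandardCharsets.UTF_8)); // constructed body
        }
        int status = c.getResponseCode();
        c.disconnect();
        return status;
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/first",
            ex -> respond(ex, firstValueMatches(ex.getRequestHeaders().get(HEADER))));
        server.createContext("/any",
            ex -> respond(ex, anyValueMatches(ex.getRequestHeaders().get(HEADER))));
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        try {
            System.out.println("add, first-value check: " + put(new URL(base + "/first"), false));
            System.out.println("add, any-value check:   " + put(new URL(base + "/any"), false));
            System.out.println("set, first-value check: " + put(new URL(base + "/first"), true));
        } finally {
            server.stop(0);
        }
    }
}
```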
Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Johann »

Hello Bogdan,

I added this code inside our AuthorURLStreamHandler:

Code:

    @Override
    protected URLConnection openConnectionInContext(String contextId, URL url, Proxy proxy) throws IOException {
        URLConnection urlConnection = computeUrl(url).openConnection();
        AuthorURLConnection connection = new AuthorURLConnection(contextId, urlConnection);
        connection.addRequestProperty("X-Requested-With", "WebAuthor");
        return connection;
    }

Unfortunately, Apache logs still show "x" for "X-Requested-With" header.

Code:

2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> PUT /contentfactory/api/v1/dita/en-GB/TPC_rail-task_000000002.dita HTTP/1.1
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> X-Requested-With: x
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> User-Agent: ContentFactory-WebAuthor-Plugin
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> Content-Type: */*; charset=UTF-8
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> Cookie: oxy_lang=fr_FR; JSESSIONID=5A17D63D6051EBDC709F68BF87A85240; WEB-AUTHOR-JSESSIONID=a3e10ca7-e54d-4671-984b-1b65f2843196; _uid=user-5599257273907507865; Idea-67f26e17=5c9681d4-aaa0-4dce-9fe6-979bd576dfd0; 
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> Content-Length: 288
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> Host: localhost:9111
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> Connection: Keep-Alive
2024-05-24 12:35:44,863 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 >> Accept-Encoding: gzip,deflate
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << HTTP/1.1 403 
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Vary: Origin
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Vary: Access-Control-Request-Method
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Vary: Access-Control-Request-Headers
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Set-Cookie: XSRF-TOKEN=16134d3a-4348-425c-b43a-8730bc8e23e2; Path=/contentfactory
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << X-Content-Type-Options: nosniff
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << X-XSS-Protection: 1; mode=block
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Cache-Control: no-cache, no-store, max-age=0, must-revalidate
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Pragma: no-cache
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Expires: 0
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << X-Frame-Options: SAMEORIGIN
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Content-Type: text/html;charset=utf-8
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Content-Language: en
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Content-Length: 649
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Date: Fri, 24 May 2024 10:35:44 GMT
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Keep-Alive: timeout=20
2024-05-24 12:35:44,866 DEBUG [ http-nio-8092-exec-2 ] org.apache.http.headers - http-outgoing-7 << Connection: keep-alive

As you suggested, maybe the two values of the header are sent but I do not have easy access to our CMS code...
I'm a bit skeptical as the Apache logs don't mention this new value or possibly double value.

Johann
Bogdan Dumitru
Site Admin
Posts: 145
Joined: Tue Mar 20, 2018 5:28 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Bogdan Dumitru »

Hello Johann,

Can you try overriding AuthorURLConnection.setRequestProperty(String, String) somewhat like this:

Code:

      @Override
      public void setRequestProperty(String key, String value) {
        if ("X-Requested-With".equals(key)) {
          super.setRequestProperty("X-Requested-With", "WebAuthor");
        } else {
          super.setRequestProperty(key, value);
        }
      }
      
Bogdan Dumitru
http://www.oxygenxml.com
Johann
Posts: 206
Joined: Wed Jun 17, 2015 12:46 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Johann »

Hello Bogdan,

Ok, it's working with your last suggestion. Thank you for your help!

Nevertheless, can you let me know through this post when the patch is released so that I can remove this workaround from my code?

Thank you!

Johann
Bogdan Dumitru
Site Admin
Posts: 145
Joined: Tue Mar 20, 2018 5:28 pm

Re: Error when saving document: 403 Forbidden when upgrading to 26 version

Post by Bogdan Dumitru »

Sure!
Bogdan Dumitru
http://www.oxygenxml.com