Ajax lib service 403 forbidden

Ajax lib service 403 forbidden

Milos Milosavljevic -
Erantzun kopurua: 2
Moodle started popping up messages titled "Undefined".



Inspected browser's console and got 403 Forbidden error on GET request on /lib/ajax/service-nologin.php from jquery-3.6.4.min.js
on ajaxTransport function.





Application is runs in docker container.
No error logs in Apache on this events.
Tried to switch to default theme, no result.
No basic settings in Moodle is changed, no new plugins installed, no Apache config is changed when error message started to appear.

On Course edit page also getting 403 error in events.js and first.js in all js async functions.














Puntuazioen batez bestekoa: -
Milos Milosavljevic(e)ri erantzunda

Re: Ajax lib service 403 forbidden

Leon Stringer -
Core developers-ren irudia Particularly helpful Moodlers-ren irudia
But are you seeing these requests in the Apache access logs (not error logs)? If it's your web server or Moodle sending 403 Forbidden then you will see these in your logs. If it's something external (for example, a WAF like ModSecurity) then these requests won't appear in the access logs because they're being blocked before getting to Apache. See point 2. in this reply for an example request in the Apache access log. (This reply may also help).
Puntuazioen batez bestekoa: -
Leon Stringer(e)ri erantzunda

Re: Ajax lib service 403 forbidden

Milos Milosavljevic -
I found access logs, no logs for 403.
Then I created my own js script to fetch data from my php source (status 200), to fetch data from php source which intentionally returns 403 (it was logged in access logs) and finally to fetch data from /lib/ajax/service-nologin.php which returned 403 without any log.
So I guess you are right since my Moodle app runs in docker but physically it is on very protected server, I will contact maintenance guys to check if they have some kind of protection.
I also noticed that ajax calls to /lib/ajax/service-nologin.php have encoded json in query parameter, so I believe that can be subject of blocking.
Will let you know...
Thanks!
Puntuazioen batez bestekoa: -