[SOLVED] 403 when accessing GraphQL API

ubuntudroid · February 2, 2021, 2:05pm

I have…

[ ] Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.

I’m submitting a…

[x] Regression (a behavior that stopped working in a new release)
[ ] Bug report
[ ] Performance issue
[ ] Documentation issue or request

Current behavior

GraphQL requests return 403.

Expected behavior

No 403

Minimal reproduction of the problem

Our graphQL requests return 403 errors like the following for most requests on various clients):

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.3",
  "title": "Forbidden",
  "status": 403,
  "traceId": "00-cb39f46fe654ed42b58b9644fd898575-74ec8866c70a2146-00"
}

It doesn’t matter whether we access the API via the CDN or directly.

Environment

[ ] Self hosted with docker
[ ] Self hosted with IIS
[ ] Self hosted with other version
[x] Cloud version

Version: latest cloud

Browser:

[ ] Chrome (desktop)
[ ] Chrome (Android)
[ ] Chrome (iOS)
[ ] Firefox
[ ] Safari (desktop)
[ ] Safari (iOS)
[ ] IE
[ ] Edge

ubuntudroid · February 2, 2021, 2:13pm

It affects our development and production clients and broke from one minute to the next - I cannot say when exactly but my guess is it started maybe 1 hour ago (that’s at least when I saw it first on a dev version and started to check my in-development code for errors before finding out, that it also affects the live version).

Sebastian · February 2, 2021, 2:20pm

What permission do you use?

ubuntudroid · February 2, 2021, 2:21pm

We are using the Reader permission on all clients.

Sebastian · February 2, 2021, 2:22pm

I will provide a fix asap.

ubuntudroid · February 2, 2021, 2:23pm

Lovely! Can you afterwards (whenever you have time, no need to hurry) let us know what broke? I’m interested in that kind of things.

Sebastian · February 2, 2021, 2:25pm

I have rolled back the last deployment. It should hopefully work again.

ubuntudroid · February 2, 2021, 2:26pm

It looks like it works again, many thanks!

Sebastian · February 3, 2021, 3:51pm

I have deployed the final fix.

ubuntudroid · February 3, 2021, 4:50pm

@Sebastian unfortunately we are starting to see 403s again.

Sebastian · February 3, 2021, 5:20pm

Fuck, do you use the GET or POST endpoint?

ubuntudroid · February 3, 2021, 5:58pm

Sorry for the late reply - we are using GET.

Sebastian · February 3, 2021, 6:08pm

I think it has been fixed, can you approve that?

ubuntudroid · February 3, 2021, 6:09pm

Works like a charm, many thanks!

Sebastian · February 3, 2021, 6:11pm

Sorry for the inconveniences. Rough days.

ubuntudroid · February 3, 2021, 6:11pm

No worries, happens to the best.

system · February 5, 2021, 3:52pm

This topic was automatically closed after 2 days. New replies are no longer allowed.