Cannot Save Theme Customizations: 403 Error on PUT

Hey all, using v1.9.0.beta13 +147 and cannot save any theme customizations at all.

This is what gets dumped to console in Chrome when I try to save HTML/CSS customizations anywhere (be it the head, header, etc):

image

If I go to the file that’s giving the 403, it wants to download default.dcstyle.json so it seems to be working.

If I look at those ember_jquery files, I don’t really know what’s breaking, but it seems like line 9176 of that file is a comment??

image

I’m lost with that one! And for the record, I have CloudFlare’s Performance stuff completely disabled for /admin*

Anyone seen this or know how to debug or tell Chrome to chill out?

Thanks in advance!

Can you repro this @jomaxro?

As an update, it started working again and I don’t know why. Same browser same server, no reboots or nothin… Part of me still wants to blame CloudFlare. I have no clue.

Update: I asked Jeff to re-open this because it’s still sporadically happening. I upgraded my VPS and that didn’t help. I’ll start digging through the logs when I have time.

1 Like

Another update on this - Disabling CloudFlare’s DNS / CDN part seems to have fixed it:

image

Just disabling their Performance settings wasn’t enough. At least not this time around.

What I hate about this is that it now exposes my server’s IP though. I’m quite confident that CloudFlare and Docker-based Discourse are not playing well together.

2 Likes

This issue is back for me. It’s sporadic and driving me crazy.

I’m running tail -f /var/log/nginx/error.log /var/log/nginx/error.log.1 /var/log/nginx/error.letsencrypt.log /shared/log/rails/unicorn.stderr.log while inside of my web_only container (my data and web containers are separated) and it’s not showing any 403 error.

Are there other logs where the 403 may show up?

For those who ended up here via google:

More likely than not this was cloudflare’s Web Application Firewall. You can check this see this by inspecting the response of that 403: is it it’s html from cloudflare with a captcha inside? If it is, then probably only saving html/javascript customisations give you trouble.

You can switch it off in cloudflare’s Firewall section and that’ll fix your theme customisation 403 problem:

5 Likes

For anyone searching for a solution, try going to the firewall page in Cloudflare. Click on Web Application Firewall. Look for “Package: Cloudflare Rule Set” and disable the one called “Cloudflare Specials”.

I found it by looking at the details in the Cloudflare logs at the bottom of that page. The other WAF rules are still active, but Discourse is working now.

3 Likes