"Delete Spammer" from "Flag" menu returns 403, doesn't work

(Jan P.) #1

Happening on hosted discourse https://forum.ionicframework.com/ all the time:

  • I see a spam post of a new user.
  • Click “…” and then “Flag” icon
  • Mark “It’s spam”
  • Click “Delete spammer” button
  • Get 403 response from backend for email.json:


(Jeff Atwood) #2

Can we repro this @eviltrout?

(Robin Ward) #3

I could not reproduce this one. @Sujan can you provide any more details? For example are you a moderator or an admin when you do this?


I reported the same issue here:


In short, this is only an issue for moderators when the show_email_on_profile site setting is turned off which is the default.

(Jan P.) #5

Yes, I am a moderator.
Delete Spammer on admin/flags doesn't work for mods if "show_email_on_profile" setting is turned off does look relevant.

(Jeff Atwood) #6

Aha does that help narrow it down @eviltrout?

(Robin Ward) #7

I just tried this as a moderator and clicked delete spammer from the modal and it worked fine. Also @Osama in that topic @zogstrip says he fixed it back in July? Is it not fixed?


Hi Robin

@zogstrip’s commit fixed a related issue, but doesn’t seem to have fixed this very particular issue because I’m able to reproduce it everytime I attempt on my dev install (it’s on absolute latest).

Did the account has admin rights as well as moderator rights? If so then the admin rights need to be revoked to be able reproduce this bug. And was the show_email_on_profile setting disabled? If these two conditions are met, you should be able to reproduce this.

I’m sure this has something to do with permissions to view emails. See X-Discourse-Route in response headers:

(Robin Ward) #10

I am not sure why I wasn’t able to reproduce it before but I managed to do it this morning (3rd time is the charm?).

Here’s a fix:

(Jeff Atwood) #11

This topic was automatically closed after 31 hours. New replies are no longer allowed.