Dashboard section requests fail with 403 Forbidden

the /forest/stats/*** requests in our dashboard section fail with a 403 error since we have updated to the latest version of forest-express (7.9.4)

  • Project Name: Homeloop

Hello @Benjamin_Crespo

Sorry to hear that, I’ll share your issue with the team.

Can you please confirm that you migrated from forest-express-sequelize 7.9.3 to 7.9.4 when you got the issue?

We went from ^6.6.3 to ^7.0.0


I cannot reproduce the issue using forest-express-sequelize version": "7.10.1.
Do you mind trying to upgrade once more to see if this was fixed?

Thank you.

Just tried and its not working :confused:

Too bad.

I may have found a culprit with version 7.2.0.
Could you please downgrade to version 7.1.0 and tell me if the issue disappears?

Could you also share with us the full body of the request?

It works fine with the 7.1.0

With 7.1.0

POST /forest/stats/leads HTTP/1.1
Accept: application/json
Origin: http://app.forestadmin.com
Content-Type: application/json
Authorization: Bearer XXX
Referer: http://app.forestadmin.com/
Content-Length: 578
Host: localhost:3030
Accept-Language: fr-fr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15
Accept-Encoding: gzip, deflate
Connection: keep-alive


Good to know for version 7.1.0.

I’m not sure about your request body though.
I was expecting something like


So your advice is to stick to 7.1.0 until the problem is fixed on a future version ?

Hello @Benjamin_Crespo,

Yes, the best thing to do would be to use the version 7.1 until we fix the problem on the current version.

We would need your help to fix the issue, can you please share the content of the request’s body that is sent to the path /forest/stats/leads?

There is currently a mechanism that is checking that the content of the request is legit regarding the configuration of your layout. I think that a feature development could have added more parameters that are not present in your layout yet, but I need to be sure.

Can you please share the content of the POST body?

1 Like

Here’s what is sent:

  "type": "Line",
  "collection": "leads",
  "timezone": "Europe/Paris",
  "group_by_date_field": "acquisition_date",
  "aggregate": "Count",
  "time_range": "Month",
  "filters": "{\"aggregator\":\"and\",\"conditions\":[{\"field\":\"dir_eligibility\",\"operator\":\"equal\",\"value\":true},{\"field\":\"acquisition_date\",\"operator\":\"after\",\"value\":\"2019-02-28T22:59:00.000Z\"},{\"field\":\"dir_consent\",\"operator\":\"equal\",\"value\":true}]}"


Can you also share with me the environment on which you have this issue, and the team you’re using? I just want to be sure to check the right data.

I’s Homeloop in Production, and the team is Central.
Thank you

Hello again @Benjamin_Crespo,

I think I have isolated the cause of your issue.

Can you please test something?

  1. Edit your dashboard
  2. Edit one chart for which you have the forbidden error
  3. Change the filters on boolean values & save
  4. Do the opposite modification

Does it solve the issue with your dashboard?

I’m creating a ticket on our side to correctly handle filters on boolean values that have been defined in previous versions.

I changed the boolean values that were on true to false, saved, then put them back to true again, and it didn’t work

Ok, then can you do the same with the date filters? I would like to check if the issue is caused by these values.
They seem to have been saved in an old format.

And it seems that the issue came from the date format ! It’s working now, thank you.

Hello @Benjamin_Crespo,

We released a new version of our backend application. :confetti_ball:
You should not encounter forbidden error anymore for this type of old dates format in the dashboards !

In case you haven’t updated all your dashboard manually, let me know if it solves your issue.

Have a nice day.