Smart action that upload a file return 403

Houssem_Yahiaoui · September 28, 2021, 7:48am

Expected behavior

Uploading an xml file, doing some processing, and export csv files.

Actual behavior

a 403 issue on that particular endpoint when clicking on the submit button to launch the post call.

What is the current behavior?
a 404 error over get /values (I understand this is normal from a different post here)

Failure Logs

Access to fetch at ‘api-to-post-the-file’ from origin ‘https://app.forestadmin.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
VM3596:1 POST net::ERR_FAILED 403 - api-to-post-the-file
(anonymous) @ VM3596:1
(anonymous) @ chunk.7.3063f605868b6fe645c9.js:353
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:21739
u @ vendor-5274ce00880a892114c98442cc88aca6.js:1256
(anonymous) @ vendor-5274ce00880a892114c98442cc88aca6.js:1254
forEach.e. @ vendor-5274ce00880a892114c98442cc88aca6.js:1263
d @ client-b3e42948e3200b571a87e7aa74003ff3.js:21718
a @ client-b3e42948e3200b571a87e7aa74003ff3.js:21747
Promise.then (async)
d @ client-b3e42948e3200b571a87e7aa74003ff3.js:21718
a @ client-b3e42948e3200b571a87e7aa74003ff3.js:21747
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:21747
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:21746
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:21748
t @ client-b3e42948e3200b571a87e7aa74003ff3.js:21735
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22212
u @ vendor-5274ce00880a892114c98442cc88aca6.js:1256
(anonymous) @ vendor-5274ce00880a892114c98442cc88aca6.js:1254
forEach.e. @ vendor-5274ce00880a892114c98442cc88aca6.js:1263
O @ client-b3e42948e3200b571a87e7aa74003ff3.js:22180
a @ client-b3e42948e3200b571a87e7aa74003ff3.js:22182
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22182
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22181
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22217
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22207
u @ vendor-5274ce00880a892114c98442cc88aca6.js:1256
(anonymous) @ vendor-5274ce00880a892114c98442cc88aca6.js:1254
forEach.e. @ vendor-5274ce00880a892114c98442cc88aca6.js:1263
O @ client-b3e42948e3200b571a87e7aa74003ff3.js:22180
a @ client-b3e42948e3200b571a87e7aa74003ff3.js:22182
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22182
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22181
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22211
(anonymous) @ client-b3e42948e3200b571a87e7aa74003ff3.js:22256
Promise.then (async)
value @ client-b3e42948e3200b571a87e7aa74003ff3.js:22256
value @ client-b3e42948e3200b571a87e7aa74003ff3.js:22246
triggerCustomAction @ client-b3e42948e3200b571a87e7aa74003ff3.js:1799
A @ vendor-5274ce00880a892114c98442cc88aca6.js:3143
c.triggerEvent @ vendor-5274ce00880a892114c98442cc88aca6.js:3073
n.trigger @ vendor-5274ce00880a892114c98442cc88aca6.js:5740
s.send @ vendor-5274ce00880a892114c98442cc88aca6.js:3099
send @ vendor-5274ce00880a892114c98442cc88aca6.js:3254
value @ client-b3e42948e3200b571a87e7aa74003ff3.js:14810
value @ client-b3e42948e3200b571a87e7aa74003ff3.js:11532
value @ client-b3e42948e3200b571a87e7aa74003ff3.js:5295
trigger @ vendor-5274ce00880a892114c98442cc88aca6.js:3613
n @ vendor-5274ce00880a892114c98442cc88aca6.js:3473
n._run @ vendor-5274ce00880a892114c98442cc88aca6.js:5357
n._join @ vendor-5274ce00880a892114c98442cc88aca6.js:5356
n.join @ vendor-5274ce00880a892114c98442cc88aca6.js:5322
h @ vendor-5274ce00880a892114c98442cc88aca6.js:3927
(anonymous) @ vendor-5274ce00880a892114c98442cc88aca6.js:3627
a @ vendor-5274ce00880a892114c98442cc88aca6.js:3845
handleEvent @ vendor-5274ce00880a892114c98442cc88aca6.js:3627
handleEvent @ vendor-5274ce00880a892114c98442cc88aca6.js:3552
(anonymous) @ vendor-5274ce00880a892114c98442cc88aca6.js:3577
dispatch @ vendor-5274ce00880a892114c98442cc88aca6.js:1562
g.handle @ vendor-5274ce00880a892114c98442cc88aca6.js:1557
r @ chunk.7.3063f605868b6fe645c9.js:318
chunk.7.3063f605868b6fe645c9.js:325 TypeError: Failed to fetch
at :1:876
at chunk.7.3063f605868b6fe645c9.js:353
at s. (client-b3e42948e3200b571a87e7aa74003ff3.js:21739)
at u (vendor-5274ce00880a892114c98442cc88aca6.js:1256)
at Generator._invoke (vendor-5274ce00880a892114c98442cc88aca6.js:1254)
at Generator.forEach.e. [as next] (vendor-5274ce00880a892114c98442cc88aca6.js:1263)
at d (client-b3e42948e3200b571a87e7aa74003ff3.js:21718)
at a (client-b3e42948e3200b571a87e7aa74003ff3.js:21747)

Context

Please provide any relevant information about your setup.

Package Version:5.7.0
Express Version:4.13.4
Sequelize Version:5.7.0

Houssem_Yahiaoui · September 28, 2021, 7:49am

All i get for that request is the OPTION call, and nothing else on the server side.

anon16419211 · September 28, 2021, 7:54am

Hello @Houssem_Yahiaoui ,

Have you check that your server is up and running? It might sounds obvious but this error could be related to this.

Also, did your smart action work before?

Best,

Houssem_Yahiaoui · September 28, 2021, 8:01am

Hello,

Yes, alive and working well, that’s how I can see my data that runs in the normal way except this, it used to be working as expected, but on my production project it’s not, even the error is weird as cors is well set, else the app will not work properly, maybe a check from your end would be nice…

Houssem_Yahiaoui · September 28, 2021, 8:07am

Also the weird part, this works well on development but not on production

jeffladiray · September 28, 2021, 8:29am

Hey @Houssem_Yahiaoui,

On the environment (Production) where the call is failing, could you:

Copy as curl the call failing with a 403
Run it in a terminal
Copy the response here or as a DM if you consider it private?

Also, do you have any error logs on your backend side?

I spotted that you are in the process of upgrading to our latest agent version, did this issue first occurred while upgrading ?

Thanks in advance.

Houssem_Yahiaoui · September 28, 2021, 3:19pm

Thank you @jeffladiray the v8 initiative still far away, I’m still with this v5 trying to make some of its parts work as expected, still… I can’t try this curl option as it’s protected by Cloudflare, is this a known issue?
I saw such an example: Configuring CORS headers - Documentation I’ve added the null option but doesn’t seem to be working as expected … and it’s blocking …

jeffladiray · September 28, 2021, 3:27pm

I would suggest to investigate the cloudflare issue indeed.

We had a couple ticket in the past talking about smart action being blocked by some WAF rules on cloudflare side - If that’s your case, I would suggest to contact cloudflare directly.

Let me know if that helps

Houssem_Yahiaoui · September 29, 2021, 6:52am

Hey Jeff,

That was correct, i’ve sent you a private message with some details, can you please check.

I really appreciate the help here!
Houssam

Topic		Replies	Views
CORS error on Smart Action Help me!	4	431	August 27, 2021
CORS issue trying to send POST request with Webhook in Smart Actions Help me!	3	1782	March 15, 2021
Access to XMLHttpRequest at 'http://localhost:3310/forest/' from origin 'http://app.forestadmin.com' has been blocked by CORS policy Help me!	16	1625	December 23, 2020
Smart actions not working after deployment Help me!	1	350	February 23, 2021
Cors configuration failed Help me!	1	336	June 13, 2022

Smart action that upload a file return 403

Expected behavior

Actual behavior

Failure Logs

Context

Related topics