OJS: 3.2
When the OJS app makes a request to the server (put a form…) it always responds with a 403 Forbidden, as you can see in the attached file.

When I deleted the base_url config I do not have this problem, as you can see in the attached file:

I deleted the cookie session for revistas.deusto.es and reloaded the page and then I saved the changes. As you can see in the attached file the settings are saved:

Has the OJS core any problem handling cookies?
Hi @miren.cava,
It’s likely that the 403 Forbidden response is coming from your web server’s security toolset (e.g. mod_security) rather than OJS; check your web server’s logs to see if something is captured there.
Regards,
Alec Smecher
Public Knowledge Project Team
I am not sure that it is the problem of my server…I checked the cookies and when the request failed it is because the cookie session is not set properly. As you can see, only the cookie session of the revistas.deusto.es domain is set…is it correct?

When the request is accepted the cookie session for the specified domain is set, as you can see in the following picture:

On my server the mod_security module is not active.
Regards,
Miren
Hi @miren.cava,
The leading . in the domain means that the cookie is set for all subdomains as well, so I’m not sure that’s the problem.
Regards,
Alec Smecher
Public Knowledge Project Team
But there is something about that…because when both cookies are set it is working, but when it only has .revista.deusto.es it is not working…
I have to say that it is so hard to migrate the OJS platform…there is no way that the app is finally working…
Hi @asmecher
Is there something that can help us with this issue?
Miren
Hi @miren.cava,
Is it possible that one cookie is conflicting with the other? Try removing both to see if two different cookies are again generated; there should be only one.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher
Firstly, I log in through revistas.deusto.es, as you can see in the following picture:

Secondly, I enter the administration panel and through this I choose one journal, as you can see in the following picture:

Only one cookie is set, as you can see in the next picture:

When I tried to save a form it is not working, as you can see in the next picture:

But…if I remove the first cookie and reload the page…I log in through the journal and try the same action. As you can see in the following picture:


If I go back and log in through revistas.deusto.es and I have both cookies…all is working too. As you can see in the following picture…

What can be the problem?
Hi @miren.cava,
Are you using mod_rewrite to alter the journal URLs? I suspect that’s related.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher
Yes, I do. This is part of my config; the last three rules are repeated for each base URL of each journal:
# Bugfix for OJS 3.2.0-3: submissions API doesn't work with shortened URLs
RewriteRule ^tuningjournal/api/v1(.*)$ index.php/tuningjournal/api/v1$1 [L,R=307]
RewriteRule ^djhr/api/v1(.*)$ index.php/djhr/api/v1$1 [L,R=307]
RewriteRule ^baidc/api/v1(.*)$ index.php/baidc/api/v1$1 [L,R=307]
RewriteRule ^ced/api/v1(.*)$ index.php/ced/api/v1$1 [L,R=307]
RewriteRule ^revista-estudios/api/v1(.*)$ index.php/revista-estudios/api/v1$1 [L,R=307]
RewriteRule ^DEC/api/v1(.*)$ index.php/DEC/api/v1$1 [L,R=307]
# Use this set of 3 lines for each of your journals
RewriteCond %{SERVER_NAME} ^desa.www.tuningjournal.org
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/tuningjournal/$1 [L]
…
I suspect that it is something related to this .htaccess misconfiguration…because when I do not use base_url…the app is working…But I cannot find any config in your documentation…
Hi @miren.cava,
I’m not especially knowledgeable about mod_rewrite rules in depth, but I suspect this is where your issues are coming from. OJS sets the cookie domain based on several CGI parameters it gets from the web server (HTTP_X_FORWARDED_HOST, HTTP_HOST, or SERVER_NAME in precedence order). See pkp-lib/PKPRequest.inc.php at stable-3_1_2 · pkp/pkp-lib · GitHub for details.
Regards,
Alec Smecher
Public Knowledge Project Team
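
The host precedence and the leading-dot cookie behaviour described in the replies above, as an added example that is not part of the thread and is not OJS code: it models which host variable wins and which cookie domains a browser would attach to a given host (RFC 6265 domain matching). The function names, the CGI values and the cookie jar are assumptions constructed for the illustration; only the hostnames come from the thread.

```python
# Added illustration (not OJS code): host precedence as described in the reply
# above, plus RFC 6265 domain matching for the cookies a browser would send.
HOST_PRECEDENCE = ("HTTP_X_FORWARDED_HOST", "HTTP_HOST", "SERVER_NAME")


def effective_host(server_vars):
    """First non-empty host variable in precedence order, or None."""
    for key in HOST_PRECEDENCE:
        value = (server_vars.get(key) or "").strip()
        if value:
            # Assumption of this sketch: drop any :port and compare lowercase.
            return value.split(":")[0].lower()
    return None


def domain_matches(request_host, cookie_domain, host_only=False):
    """RFC 6265 5.1.3 domain-match; a leading dot on Domain is ignored."""
    host = request_host.lower()
    domain = cookie_domain.lstrip(".").lower()
    if host_only:  # cookie set without a Domain attribute: exact host only
        return host == domain
    return host == domain or host.endswith("." + domain)


def diagnose(server_vars, browser_host, jar):
    """Compare the host the application derives with the cookies the browser sends."""
    app_host = effective_host(server_vars)
    sent = [c["domain"] for c in jar
            if domain_matches(browser_host, c["domain"], c.get("host_only", False))]
    return {"app_host": app_host,
            "host_mismatch": app_host != browser_host.lower(),
            "sent_domains": sent}


# Constructed sample: hostnames are the ones quoted in the thread, the CGI
# values and cookie jar are made up for the illustration.
SAMPLE_VARS = {"HTTP_X_FORWARDED_HOST": "",
               "HTTP_HOST": "desa.www.tuningjournal.org",
               "SERVER_NAME": "revistas.deusto.es"}
SAMPLE_JAR = [{"domain": ".revistas.deusto.es"}]

if __name__ == "__main__":
    print(diagnose(SAMPLE_VARS, "desa.www.tuningjournal.org", SAMPLE_JAR))
    print(diagnose(SAMPLE_VARS, "revistas.deusto.es", SAMPLE_JAR))
```

Feeding it the `$_SERVER` values logged on a failing request and the domains listed in the browser's cookie panel shows whether the host the application derives and the cookies the browser sends line up.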