Issue with Nginx and Apache when DELETE and PUT requests

ssalavat · June 5, 2020, 1:13pm

Hope this will help to someone with same issue.

I had an issue with DELETE and PUT requests.
Finally it turned out that following server configuration: Nginx as proxy for Apache in background will cause this problem. It is related to Nginx configuration settings.
my OJS 3.2.0.3 is on shared hosting and I have no access to Nginx settings as so. Nginx is returning 403 status on DELETE and PUT requests, but serves without problem the GET and POST.

Idea for solution came from the this stackoverflow question

Solution (workaround) is to code the requests with POST for DELETE and PUT, and use “Slimframework”'s override the HTTP request method by using X-Http-Method-Override.

Suggestion for developers, please consider this in your coding.

asmecher · June 5, 2020, 6:00pm

Hi @ssalavat,

Have you worked out the changes to OJS in detail? If so, could you open a pull request to the github repository (or repositories), linking back to this posting in the description?

Thanks,
Alec Smecher
Public Knowledge Project Team

ssalavat · June 6, 2020, 3:21pm

Hi,
Sorry for probably silly question: to which branch I should create pull request?

asmecher · June 6, 2020, 3:24pm

Hi @ssalavat,

See if your changes will apply cleanly to master; that’s the best place for new code to go. If not, then submit to the stable branch matching your version (e.g. stable-3_2_0 for 3.2.0-x).

Thanks,
Alec Smecher
Public Knowledge Project Team

ssalavat · June 9, 2020, 12:28pm

Hi @asmecher,

I have created pull request in ui-library part.

raphael · June 22, 2020, 5:24am

Hello!

I think i am having this problem with an OJS 3.2.0-3 site hosted on InfinityFree since i get the following response headers when trying to edit a journal (weird thing is i can not only create but delete journals as well)

General

Request URL: …/index.php/larevista/api/v1/contexts/4
Request Method: PUT
Status Code: 403 Forbidden
Remote Address: 185.27.134.130:80
Referrer Policy: no-referrer-when-downgrade

Response headers

Cache-Control: public, proxy-revalidate, public, proxy-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 22 Jun 2020 04:14:39 GMT
Last-Modified: Mon, 22 Jun 2020 03:49:34 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding

Console output:

jquery.min.js?v=3.2.0.3:formatted:3857 PUT …/index.php/larevista/api/v1/contexts/4 403 (Forbidden)

Is the idea to include the workaround with the next version? would an update to 3.2.1 fix this?

Thanks in advance!

ssalavat · June 22, 2020, 9:55am

I do not know if it will be included in 3.2.1, probably @asmecher will have this info.
The suggested workaround has been merged at master branch to my knowledge.

If need to overcome this in 3.2.0.3, I can help you to apply the workaround.

raphael · June 22, 2020, 10:01am

@ssalavat i would really appreciate the help with the workaround, thanks in advance!