Setting Page footer doesn't save img - POST 403 (Forbidden)

Describe the issue or problem
I just upload an image in page footer settings or add an html img tag to a certain image. The browser show me the image but when I try to save it, the system alert said “An unexpected error has occurred. Please reload the page and try again.”

The web browser console shows me an error: “POST journalURL/api/v1/contexts/1 403 (Forbidden)”

In server files I could see the image in public/site/images, so, I don’t think it is a permission issue, or at least write and read permissions. This also happens with images in announcements with error:

“POST journalURL/api/v1/announcements/8 403 (Forbidden)”

Other images uploaded to the site work fine (logo, Journal thumbnail, …)

Steps I took leading up to the issue
For example:

  1. Go to 'settings / website / appearance / setup / page footer
  2. Click on image or source code (adding html img tag)
  3. Select an image. The image was uploaded successfully (I can see it in the browser and in server files)
  4. click save. Error “An unexpected error has occurred. Please reload the page and try again.”

What application are you using?
OJS 3.3.0-12 in Xampp.
Windows server 2016.
PHP 7.4.33

Additional information
No error in PHP error log. Web browser Console show:

XAMPP has been installed and is running with administrator permissions.

Any idea? Thanks!

Hi @jorgelpolanco,

Do you have img as one of the allowed HTML tags in your

PKP Team

Hi @jorgelpolanco,
I used to had the same problem and were able to solve it by increasing public_user_dir_size in the Hope this solution can help.

1 Like

Yes indeed! @rcgillis

@Salam_Al-Khammasi , The error is not when uploading the image, it is when saving the image because: 1. Also happens with any public URL web image and 2. Images were uploaded successfully to public file in server.

For some reason I did that and it worked. Have you tried to increase it’s value?

Hi @jorgelpolanco,

If you’re getting a 403 Forbidden, it’s likely that there is a security auditing/monitoring tool on your server (mod_security or equivalent) that’s mistakenly interpreting a request as a security threat and preventing it from reaching OJS. You can usually verify this by reviewing any security-related web server logs on your server.

Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 11 days. New replies are no longer allowed.