XF 1.5 Error 403 (forbidden) on embedded image

[seanadams]

Another user (admin) made a post with an embedded image (attachment).

When I (also an admin) load it I can view the text, but I get a broken image. Inspecting the element shows a 403 error.

She says it shows up fine for her. How can I debug further?

Possibly relevant: she also has a problem sometimes where she invites several people to a conversation - one of them gets the invitation, but he gets a permission denied error when trying to view the conversation.

I've just upgraded from 1.4.3 to 1.5.5 and the image is still broken.

 

[Jake Bunce]

Is it a post attachment or a remotely hosted image?

Regarding the conversation... is it a XF permission error or something more generic like a server error?

 

[seanadams]

Is it a post attachment or a remotely hosted image?

Attachment. I see the 403 in my apache log but I don't know how to debug further.

Regarding the conversation... is it a XF permission error or something more generic like a server error?

In that case he was getting a Xenforo permission error.

 

[seanadams]

I just confirmed that the author of the post CAN see the embedded attachment. She logged in using my same browser, in a Chrome "incognito" session.

Also confirmed one other forum member CAN see the attachment.

When logged in to my account I can NOT see the attachment.

In the apache log I see some 403 errors for this image being fetched from other IP addresses, so apparently there are other people who can not see it too.

How do I obtain more detailed debugging from "index.php?attachments" ?

 

[seanadams]

Does the following help? This is with debug flag turned on, I load the image URL and click the link the at the bottom of the resulting 403 page.

Note the "impossible where" SQL response. (?)

 

[seanadams]

And here is when it is loaded successfully from the other account:

 

[Mike]

Can you screenshot what you get when you load the failing image directly? Your last messages imply you're getting a XenForo error (which I'd assume is a no permission error), but I need to confirm that. If it's a XenForo error, do you get the same error in other browsers? What if you hard refresh?

 

[Mike]

Hmm actually, I just looked at the debug output. That's an attachment in a conversation. It sounds like the user just copied the URL to the attachment to a different location; the attachment will still respect the permissions from that location, so in this case it would only be viewable to users in the conversation.

They'll have to reattach it where they want to use it.

 

[seanadams]

Thank you Mike!!!

Yes, that was the problem. Apparently she drafted the post in a private conversation, then copy-pasta'd the contents into a public post. So the embedded image did not get the correct permissions because it wasn't re-uploaded.

Would be good to have a more informative error message in this case, but the behavior makes sense. Thank you again!