• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 More useful error messages?

Mr Lucky

Well-known member
#1
I recently spent a lot of time troubleshooting a problem a member was having - she was getting error messages when posting video media

The following error occurred:
Forbidden
You don't have permission to access /community/index.php on this server.
It turned out eventually this was merely because she was pasting the Youtube embed code instead of the URL.

I can understand why someone might make this mistake, but the error message is very misleading as it implies a permissions problem.

Is there a way to either:

  • Make the message more relevant to the problem
  • Make it so that an embed code also works as well as the URL
Thanks
 

Brogan

XenForo moderator
Staff member
#2
That's actually an Apache error.

There is a resource which allows you to post HTML but be aware that allowing that is a security risk, hence why bb code is used instead.
 

Mike

XenForo developer
Staff member
#3
As noted, that is happening before XF is even executed. It's probably mod_security. Your host may be able to help identify the specific rule being triggered.
 

Mr Lucky

Well-known member
#5
Update:

It seems we don't get the error if you have "old embed code" ticked.

This one causes an error:

HTML:
<iframe width="560" height="315" src="//www.youtube.com/embed/0xXwNwe2OjM?rel=0" frameborder="0" allowfullscreen></iframe>
This one doesn't:

HTML:
<object width="560" height="315"><param name="movie" value="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="//www.youtube.com/v/0xXwNwe2OjM?version=3&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>
 

Brogan

XenForo moderator
Staff member
#6
This is the current default embed code:
Code:
<iframe width="500" height="300" src="https://www.youtube.com/embed/{$id}?wmode=opaque" frameborder="0" allowfullscreen></iframe>
The second code block you have posted above looks quite wrong.
 

Mike

XenForo developer
Staff member
#7
This is almost definitely mod_security blocking specific HTML strings (like an <iframe). Nothing we can do about it unfortunately. Your host would need to be involved.