RESOLVED: Server throwing forbidden (error 403)

#1

I have a confusing problem. My meteor server is now throwing a 403 error (forbidden) and when I connect to my server I only see the word “forbidden”.

Steps, I believe I did:

  1. I was running v1.6.0.1 with my application. All works fine, I can go back to that commit and verify that it still works.
  2. I upgraded to v1.6.1.1 which entailed a fix for a couple of issues in vsivsi:meteor-file-connection which I have in a fork.

When I upgraded from v1.6.0.1 it all worked (I was not getting a forbidden (e.g. 403) error, I did a number of commits to get it all sorted out.

Then I went and did a clean build and now I am forbidden.

I do not know where to start in debugging.

Here is a view of the network on my client:

And the request details:

The server seems to start up fine, but it is rejecting all requests.

Also, the port for this request is 5980, if I connect directly to localhost:5980 I get the same result. But the networking details are a tiny bit different.

Any clues? Any and all feedback is welcome!

#2

Can you share your package list? Meteor 1.6.1.x introduced a few WebApp changes, and since you’re getting a 403 from the server, one of your packages might be interfering with the 1.6.1.x http / connectjs related changes.

#3

Thanks @hwillson!
Here is the list…

accounts-password@1.5.0
accounts-base@1.4.2
check@1.3.0
audit-argument-checks@1.0.7
themeteorchef:jquery-validation
fortawesome:fontawesome
browser-policy@1.1.0
# meteorhacks:aggregate
mdg:validated-method

# Server Side rendering used by email templates
meteorhacks:ssr

# Server Side routing used by geolocation
# meteorhacks:picker


# themeteorchef:bert


# npm-container
ecmascript@0.10.6
es5-shim@4.7.0
kadira:flow-router@=2.12.1
kadira:blaze-layout
staringatlights:fast-render
meteor-base@1.3.0
mobile-experience@1.0.5       # Packages for a great mobile UX
mongo@1.4.2                   # The database Meteor supports right now
session@1.1.7
templating@1.2.14
fourseven:scss
reactive-var@1.0.11
reactive-dict@1.2.0
#aldeed:collection2-core
tracker@1.1.3
email@1.2.3
# force-ssl@1.1.0-rc.14
underscore@1.0.10
dburles:collection-helpers
dburles:google-maps
peerlibrary:reactive-publish@0.6.0

spacebars-compiler@1.0.12

# required for admin console
random@1.1.0
mrt:moment-timezone
# aldeed:autoform
#brucejo:bootstrap-multiselect

# required for file uploading
benjaminrh:jquery-cookie
numeral:numeral

# utils
liberation:reactive-var-inc-and-dec

# debug tools
# meteortoys:allthings
# datariot:ganalytics
# standard-minifier-css
# standard-minifier-js
# kadira:debug
facts@1.0.9
# meteorhacks:async

# file downloading
http

# testing
# practicalmeteor:mocha
xolvio:cleaner
tmeasday:acceptance-test-driver
xolvio:backdoor
# velocity:meteor-stubs

# Must be last 3rd party package
# vsivsi:file-collection@2.0.0

# App packages last
meris:base
meris:signin
meris:helpers
meris:sharedhelpers
meris:col-sort
meris:utils
meris:debug
shell-server@0.3.1
brucejo:body-events
dynamic-import@0.3.0
aldeed:collection2-core
themeteorchef:bert

#4

Try disabling staringatlights:fast-render to see if that helps.

#5

Thanks @hwillson , removed staringatlights:fast-render, did not help.

I am thinking of trying this technique to narrow down.

  1. start with a working 1.6.1.1 project (via meteor create)
  2. Add all of my packges to the project, see if it still runs.
  3. If it fails, do binary removal (e.g. 50% at a time) to find any offending packages.

I would love to hear if you have any other approaches / ideas on how to narrow down?

Thanks!

#6

That was quick.

I created a v1.6.1.1 app and added all my packages. It connects fine.

could npm packages have an effect too? I use express

Here is my list…

MERIS@1.0.0 /mnt/e/u/mroot/meris
├── @babel/runtime@7.0.0-beta.46
├── assert@1.4.1
├── autosize@3.0.21
├── bcrypt@0.8.7
├── UNMET PEER DEPENDENCY bootstrap@>=3.0.0
├── bootstrap-select@1.13.1
├── cookie@0.3.1
├── cookie-parser@1.4.3
├── core-js@2.5.5
├── cross-env@5.1.4
├── csvtojson@1.1.9
├── dependency-graph@0.5.2
├── express@4.16.3
├── faker@4.1.0
├── flat@2.0.1
├── geolib@2.0.24
├── immutable@3.8.2
├── jquery@3.3.1
├── jsonata@1.5.3
├── locks@0.2.2
├── lodash@4.17.10
├── meteor-ios10-csp-fix@0.1.0
├── mocha-web-reporter@0.0.2
├── object-path@0.11.4
├── runjs@4.3.2
├── simpl-schema@0.3.2
├── stream-with-known-length-to-buffer@1.0.1
├── ua-parser-js@0.7.17
└── winston@2.4.2
#7

Now I am thinking I should start a 1.6.1.1 project and then add my code into it?

#8

D’oh!!

I had a bad express route defined that was throwing the errors. I was thrown off because it worked when I was porting over to 1.6.1, but later did not work.

@hwillson, thanks for the input.

1 Like