Get the most out of your Centmin Mod LEMP stack
Become a Member

Wordpress Wordpress getting 403 error

Discussion in 'Blogs & CMS usage' started by darnpunk, Sep 4, 2019.

  1. darnpunk

    darnpunk New Member

    4
    1
    3
    Sep 4, 2019
    Ratings:
    +1
    Local Time:
    8:20 PM
    I am having issues with some plugins that require direct access to the PHP file under /wp-content.

    For example I am using this plugin - YITH WooCommerce Social Login

    1. It has a callback URL that is a direct PHP file - https://my.domain.com/wp-content/pl...social-login/includes/hybridauth/facebook.php
    2. The entry file for authentication is - https://my.domain.com/wp-content/pl...h/?hauth.start=Facebook&hauth.time=1567588990

    Both returns a 403 Forbidden error.

    Also to add-on I am using Facebook Chat plugin and that too doesn't work. Error is related to

    Refused to display 'Facebook in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors Facebook - Log In or Sign Up".

    I used the same plugin and setup on an Apache server and it works. So I am guessing it has something to do with nginx permissions / URL rewrite. I am new to nginx and need your help on this.

    Many thanks in advance!
     
    Last edited by a moderator: Sep 4, 2019
  2. eva2000

    eva2000 Administrator Staff Member

    42,085
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,616
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  3. darnpunk

    darnpunk New Member

    4
    1
    3
    Sep 4, 2019
    Ratings:
    +1
    Local Time:
    8:20 PM
    Thank you @eva2000 I will look at it. As for the iframe blocking issue, is it related to that too? Or I need to allow the domain manually using X-Frame-Option?
     
  4. eva2000

    eva2000 Administrator Staff Member

    42,085
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,616
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Centmin Mod doesn't configure or setup Content Security Policies (CSP), so you'd need to figure out where that CSP directive is being setup within Wordpress.
     
  5. darnpunk

    darnpunk New Member

    4
    1
    3
    Sep 4, 2019
    Ratings:
    +1
    Local Time:
    8:20 PM
    Thanks @eva2000, I am able to solve the 403 issue with the guide you provided. As for the frame-ancestors issue, it is a configuration problem with Facebook side. All sorted out now.

    Thank you!
     
    • Like Like x 1
  6. eva2000

    eva2000 Administrator Staff Member

    42,085
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,616
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Glad to see you got it all sorted :)