[Bug] CurseForge versions returns 403

[MrMasrozYTLIVE]

Uploading to Curseforge
Failed to fetch Curseforge Versions
java.io.IOException: Server returned HTTP response code: 403 for URL: https://minecraft.curseforge.com/api/game/version-types

This happens only when you set X-Api-Token header, if you use token query param (?token=XXXXX) it works just fine

[hypherionmc]

That interesting. We use this plugin ourselves, and a bunch of other more popular mods also use it, and this is new.

You are setting the token through the apikeys -> curseforge method inside your build.gradle right?

[MrMasrozYTLIVE]

That interesting. We use this plugin ourselves, and a bunch of other more popular mods also use it, and this is new.

You are setting the token through the apikeys -> curseforge method inside your build.gradle right?

yep. Same token in browser (and in postman) using query param works just fine, but none of the gradle plugins works for uploading. There's also error 403 when trying to do X-Api-Token from postman

[hypherionmc]

Alright. Thanks for the information.

Let me check in with CurseForge about this, and I will get back to you ASAP :)

[MrMasrozYTLIVE]

As you can see token is 100% not missing There's also some issues from other people who used different plugins: https://github.com/Darkhax/CurseForgeGradle/issues/22 https://github.com/Darkhax/CurseForgeGradle/issues/20 https://github.com/matthewprenger/CurseGradle/issues/37

[hypherionmc]

Huh. The plot thickens.

Can you maybe provide me some basic info about your setup?

Operating system Gradle version Java Version

Want to see if I can do some replicating tests

[MrMasrozYTLIVE]

Huh. The plot thickens.

Can you maybe provide me some basic info about your setup?

Operating system Gradle version Java Version

Want to see if I can do some replicating tests

You can find the project at https://github.com/MrMasrozYTLIVE/CatTeleportMod-Fabric and see my Gradle configuration there

[hypherionmc]

Just ran a quick test with postman (linux), and it's working fine with the header.

So wondering if it's something on their backend maybe causing the issue

[MrMasrozYTLIVE]

So wondering if it's something on their backend maybe causing the issue

It seems like it has something to do with their Cloudflare configuration Because now both of these ways are throwing 403 while it works just fine in browser (After "CloudFlare is verifying your connection" passed)

[hypherionmc]

That is very useful information. Thank you. I am passing everything on to them. Definitely an issue on their side

[MrMasrozYTLIVE]

That is very useful information. Thank you. I am passing everything on to them. Definitely an issue on their side

Thank you. I was going insane over past few days due to this error. I tried like 4 or 5 different plugins for publishing to CurseForge and none worked

[hypherionmc]

Hey. Got some feedback from CurseForge.

They ask if there is any way that you can try uploading through a VPN? They just need to confirm some stuff on their side

[MrMasrozYTLIVE]

Hey. Got some feedback from CurseForge.

They ask if there is any way that you can try uploading through a VPN? They just need to confirm some stuff on their side

I tried using self hosted vpn in Sweden and without any vpn at all (forgot to mention I am from Russia).

[hypherionmc]

Any way you can try with a standard VPN (not self hosted)?

Sorry for all the questions. CloudFlare issues are a b.... to debug. Alternatively, if you can manage to get the CloudFlare ray ID when you see that error page, that would also help

[MrMasrozYTLIVE]

Any way you can try with a standard VPN (not self hosted)?

Sorry for all the questions. CloudFlare issues are a b.... to debug. Alternatively, if you can manage to get the CloudFlare ray ID when you see that error page, that would also help

All requests are done using Reqable (Same as Postman) cRay: '8add36c158f19d58' - no VPN, token as query cRay: '8add3bfaaeaa9d58' - Self-Hosted VPN, token as query

cRay: '8add389748be9d58' - no VPN, token as header cRay: '8add3d32dce09d58' - Self-Hosted VPN, token as header

Sorry for taking so long, tried to use not self-hosted vpn but its basically not possible

[MrMasrozYTLIVE]

Sorry for taking so long, tried to use not self-hosted vpn but its basically not possible

They're all banned here, most VPNs only provide OpenVPN TCP/UDP and WireGuard protocols. Both of them are not usable there

[MrMasrozYTLIVE]

Found one not banned VPN, Returns 200, Riga cRay: '8add5bfbcabdb613' - token as query cRay: '8add5db13d32b613' - token as header

[hypherionmc]

Hey

So got some feedback from them. They are still investigating the core issue, but it seems like it's a country issue with cloudflare specifically.

A work around for now, would be to use the VPN that works, or to run your uploads through GitHub actions. Unfortunately in cases like this, there isn't anything we can do from our side to fix it. You will likely run into the same issue if you try to publish on Modrinth

[MrMasrozYTLIVE]

Hey

So got some feedback from them. They are still investigating the core issue, but it seems like it's a country issue with cloudflare specifically.

A work around for now, would be to use the VPN that works, or to run your uploads through GitHub actions. Unfortunately in cases like this, there isn't anything we can do from our side to fix it. You will likely run into the same issue if you try to publish on Modrinth

Nope, funny part is that uploading to modrinth works perfectly fine

[hypherionmc]

Interesting, so it's 100% just a CurseForge problem

[MrMasrozYTLIVE]

Interesting, so it's 100% just a CurseForge problem

I think it has something to do with CurseForge CloudFlare configuration. It sets cf-mitigated: challenge header on response and therefore throws 403 (Its CloudFlare waiting room and since 'client' cant execute JavaScript it cant pass)