Closed kumar303 closed 6 years ago
The add-on's listing page is visible on the legacy front-end, and at a glance looks "normal" - it's Approved; visible; non-deleted; with a current Version that's Approved; enabled; non-deleted; with a single All Platforms File.
This is done by nginx. I bet this is somehow because the URL has "reviewers" in it...
This may not be done by nginx, because when bypassing nginx entirely and accessing the app locally, there is still a 403 error.
```
$ curl -I -H "content-type: application/json" -H "host: addons.mozilla.org" 'localhost:9000/api/v3/addons/addon/bitbucket-server-reviewers/?lang=en-US'
HTTP/1.1 403 FORBIDDEN
x-xss-protection: 1; mode=block
Content-Security-Policy: script-src https://ssl.google-analytics.com/ga.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://addons.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; child-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: blob: https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; form-action 'self' https://developer.mozilla.org; base-uri 'self' https://addons.mozilla.org; report-uri /__cspreport__
x-content-type-options: nosniff
ETag: "1a9bf500fe643d719bc92054df9b8685"
X-Frame-Options: DENY
Content-Type: text/xml
```
Good catch! This is actually done by addons-server, sorry.
This is because of this:

```python
url('^reviewers/', include('olympia.reviewers.urls')),
```

It's missing the `^` at the beginning (same for `editors`, and `pages/appversions/`, though that's less of a problem there).
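The effect of a missing `^` described above, as an added example that is not addons-server code: a small model of regex routing that uses `re.search`, the way Django's regex `url()` patterns are matched. The route tables, their order, the route names and the `reviewers/queue/` path in the checks are assumptions made for illustration; only the `reviewers/` pattern text and the API path come from this page.

```python
import re

# Constructed route tables (assumption: the reviewers include is listed
# before the API route). The first pattern that matches wins, as in a urlconf.
BUGGY = [
    (r'reviewers/', 'reviewers (permission-gated)'),
    (r'^api/v3/addons/addon/(?P<slug>[^/]+)/$', 'public add-on detail'),
]
# Same table with the reviewers pattern anchored to the start of the path.
FIXED = [(r'^reviewers/', BUGGY[0][1]), BUGGY[1]]

# Path from the curl request on this page, leading slash and query removed.
API_PATH = 'api/v3/addons/addon/bitbucket-server-reviewers/'


def resolve(routes, path):
    """Return the name of the first route whose regex matches `path`.

    re.search is used on purpose: without a leading ^ a pattern can match
    anywhere in the path, so a slug ending in "reviewers/" is enough.
    """
    for pattern, name in routes:
        if re.search(pattern, path):
            return name
    return None


def unanchored(routes):
    """Audit helper: return the patterns that do not start with ^."""
    return [pattern for pattern, _ in routes if not pattern.startswith('^')]


if __name__ == '__main__':
    for label, routes in (('buggy', BUGGY), ('fixed', FIXED)):
        print(label, '->', resolve(routes, API_PATH),
              '| unanchored patterns:', unanchored(routes))
```

Running a check like `unanchored()` over a project's route list in CI catches this class of mistake before a public URL is captured by a permission-gated include.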
Verified as fixed on AMO-dev with FF57 (Win10).
Scenarios tested:
/reviewers/
- https://addons-dev.allizom.org/en-US/firefox/addon/reviewers//reviewers/
- https://addons-dev.allizom.org/en-US/firefox/collections/AlexandraMoga/reviewers/
Describe the problem and steps to reproduce it:
(Please include as many details as possible.)
Search for "bitbucket":
```json
{
  "id": 845907,
  "authors": [
    {
      "id": 13215875,
      "name": "Pavel V",
      "url": "https://addons.mozilla.org/en-US/firefox/user/corkscreewe/",
      "username": "corkscreewe"
    }
  ],
  "average_daily_users": 22,
  "categories": {
    "android": ["user-interface"],
    "firefox": ["other"]
  },
  "contributions_url": null,
  "current_beta_version": null,
  "current_version": {
    "id": 2223971,
    "compatibility": {
      "android": {"max": "*", "min": "48.0"},
      "firefox": {"max": "*", "min": "48.0"}
    },
    "edit_url": "https://addons.mozilla.org/en-US/developers/addon/bitbucket-server-reviewers/versions/2223971",
    "files": [
      {
        "id": 765172,
        "created": "2017-11-09T12:23:31Z",
        "hash": "sha256:04dc9685f3a85fdb65be273447c819691674f0e2526c2517875d13780c450dde",
        "is_restart_required": false,
        "is_webextension": true,
        "is_mozilla_signed_extension": false,
        "platform": "all",
        "size": 200734,
        "status": "public",
        "url": "https://addons.mozilla.org/firefox/downloads/file/765172/bitbucket_server_reviewers_groups-2.2.12-an+fx.xpi?src=",
        "permissions": [
          "storage",
          "alarms",
          "tabs",
          "http://*/*",
          "https://*/*",
          "
```

Load the detail for that add-on:
What happened?
You get a 403 which is also not JSON:
What did you expect to happen?
Since it's a public add-on, it should not be a 403
Anything else we should know?
(Please include a link to the page, screenshots and any relevant files.)
Reported in https://github.com/mozilla/addons/issues/11277