403 Forbidden with gutenberg

by

I have installed Gutenberg on a simple, local WP site.

I have installed and activated the plugin but whenever I try to make a change to a post, I get the updating failed warning. Checking in the dev tools I see that a 403 Forbidden reponce is being given back by the server.

I followed the advice in this article, making sure I had pretty permalinks on.

I sent the request to BURP to have a play with the request being sent. Here it is:

PUT /wp-json/wp/v2/pages/60 HTTP/1.1
Host: ***my local domain***
Connection: close
Content-Length: 777
Pragma: no-cache
Cache-Control: no-cache
Origin: ***my local domain***
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3323.0 Safari/537.36
Content-Type: application/json
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
X-WP-Nonce: b365dcef8f
DNT: 1
Referer: https://***my local domain***/wp/wp-admin/post.php?post=60&action=edit
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_260694076abf2baac48f7f0d0bc8d5ba=jab2870%7C1516284183%7CBeGMhE39HOJIPjnVq5TXYmmRpIIDLrel50pzD1aIojs%7C730f751757f9a721555c87e9410057eda7e3c2300d09cda168179157cc53e685

{"status":"publish","content":"<!-- wp:paragraph -->\n<p>test</p>\n<!-- /wp:paragraph -->","id":60}

If I make the request GET rather than PUT, I get a valid 200 response but the changes obviously don’t take effect. I thought perhaps that my local server was blocking PUT requests. I don’t have mod_security enabled though so I don’t know what else would be blocking them.

I am running

  • PHP 7.0.18
  • Apache/2.4.25
  • WP 4.9.1
  • Gutenberg 2.0.0

I have tried installing Gutenberg on a vanilla WP installation and am getting the same results

1 Answer
1

In case anybody comes across this, I had the following in my apache config

<Directory "/home/*/Sites">
    AllowOverride All FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

The WP API was trying to use the method PUT. I also believe it sometimes uses the method DELETE.

Changing above code to this solved it for me:

<Directory "/home/*/Sites">
    AllowOverride All FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST PUT DELETE OPTIONS
</Directory>

Leave a Comment