Cannot delete a profile pic under settings

When trying to delete a profile picture, either as a user or a vendor, using the “x” displayed on the profile picture under account/settings or account/vendor/settings, i get this error in my console:

XHR DELETE https://www.website.com/wp-json/hivepress/v1/attachments/1019/
Status
403

Forbidden

VersionHTTP/2

Transferred1,28 kB (1,21 kB size)

Referrer Policystrict-origin-when-cross-origin

Request PriorityHighest

However, when changing the profilepicture by uploading a different one, the old one gets removed and replaced by the new one - effectively “deleting” the old picture.

# EDIT # Disabling MODSECURITY on my server made it work again. So now I need to make a MODSECURITY RULE to allow these delete requests through.

→ Debugging it further, it is this MODSECURITY Rule-package that is causing a problem: REQUEST-911-METHOD-ENFORCEMENT.conf →

Any suggestions how to formulate such a rule? It’s also strange to me that overwriting the image works, but deleting it is prevented.
(Btw I’m running litespeed webserver through cyberpanel.)

Edit it seemes that the delete http request is being blocked. Rule 911100

Hi,

Most likely, the server blocks DELETE requests, or you have the WordPress security plugin installed.

Also, this issue may occur when the website URL does not match in the request.

Hello. I managed to solve it by adding a rule to exclude blocking of DELETE requests sent by the REQUEST_URI “@beginsWith /wp-json/hivepress/v1/attachments/”. Now it works, thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.