When trying to delete a profile picture, either as a user or a vendor, using the “x” displayed on the profile picture under account/settings or account/vendor/settings, i get this error in my console:
XHR DELETE https://www.website.com/wp-json/hivepress/v1/attachments/1019/
Status
403
Forbidden
VersionHTTP/2
Transferred1,28 kB (1,21 kB size)
Referrer Policystrict-origin-when-cross-origin
Request PriorityHighest
However, when changing the profilepicture by uploading a different one, the old one gets removed and replaced by the new one - effectively “deleting” the old picture.
# EDIT # Disabling MODSECURITY on my server made it work again. So now I need to make a MODSECURITY RULE to allow these delete requests through.
→ Debugging it further, it is this MODSECURITY Rule-package that is causing a problem: REQUEST-911-METHOD-ENFORCEMENT.conf →
Any suggestions how to formulate such a rule? It’s also strange to me that overwriting the image works, but deleting it is prevented.
(Btw I’m running litespeed webserver through cyberpanel.)
Edit it seemes that the delete http request is being blocked. Rule 911100