I’m asking for your help because despite all my research (especially with ChatGPT), I can’t resolve the bug.
When a user tries on my site: https://www.ligannonce.fr/ , to delete an image that he has posted for the details of his ad, it is deleted on the front, but when reloading the page it reappears!
So I checked the console and it turns out there’s an authorisation problem:
I checked that the web hosting and the site had the same PHP version because I’ve seen other people with this problem on the forum and this solution has been found, but I have the same version on both architectures (PHP 7.4).
Another idea was to set permissions for users, but I’ve tried admin and that doesn’t work either…
So I’m totally lost and I’m a novice as a developer (student), so that’s why I’m asking for your help, thank you very much to the whole team!
Yes, I did add custom codes, and I checked the snippets, there was nothing that could affect the right to delete images, to be really sure I even deactivated the snippets to see if there was a change and no, even removing my custom codes the image removal doesn’t work.
Please disable third-party plugins and customizations (if there are any) and check if this issue persists. If you use a caching plugin, make sure that caching is disabled for logged-in users. If the issue persists, I recommend contacting your hosting provider, as it may be cached on their end.
So yes, I’ve deactivated all the plug-ins and it still doesn’t work. I’ve checked the server configuration and spoken to OVH and they seem to be working, and I also have a second site hosted on the same web server and on this site (which is also a marketplace) the DELETE method works well, I manage to delete the images, but not on my Hive press site.
However, I managed to retrieve the logs on ovh of the 403 errors on my site, here they are:
[Thu Sep 21 08:26:20 2023] [error] [client 90.84.182.3] ModSecurity: Access denied with code 403 (phase 2). Match of “within %{tx.allowed_methods}” against “REQUEST_METHOD” required. [file “/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_30_http_policy.conf”] [line “30”] [id “960032”] [msg “Method is not allowed by policy”] [data “DELETE”] [severity “CRITICAL”] [tag “POLICY/METHOD_NOT_ALLOWED”] [tag “WASCTC/WASC-15”] [tag “OWASP_TOP_10/A6”] [tag “OWASP_AppSensor/RE1”] [tag “PCI/12. 1”] [hostname “www.ligannonce.fr”] [uri “/wp-json/hivepress/v1/attachments/708/”] [unique_id “ZQviDJ7Sc-GihlAOBKVb4AAAADk”]
ChatGPT informed me that the problem came from ModSecurity, but I don’t know what it really is, or is there a problem with the wp-json/hivepress/v1/attachments API?
If anyone has encountered this problem, thanks for your help
Please make sure you have the latest version of the HivePress 1.7.1 extension. If you have the latest version of the extension, there may be issues on the part of the hosting provider, I recommend testing another one or contacting the current one for support.