Ajax Post Request gets 403 Forbidden Response

Question

I'm using Valums file uploader ( https://github.com/Valums-File-Uploader/file-uploader ) to upload files to server. When I try to upload file it gets uploaded 100% and then I get the 403 Forbidden response.

When I access the php script which handles uploads and where script does Post request it loads normally, I don't get that 403 Forbidden error message.

What could be a reason for this 403 error which occurs only on post request, not on usual browser access? I tried the script on two different server setups, it worked like a charm on one, but can't get it to work on other one.

Script for attaching file uploader to div:

var uploader = new qq.FileUploader({
    element: document.getElementById('file-uploader'),
    action: 'fileuploader/file_upload.php<?php if ( isset( $_GET['maxwidth'] ) ) echo "?maxwidth=" . $_GET['maxwidth']; ?>',
    params: {  },
    allowedExtensions: ['jpg', 'jpeg', 'png', 'gif'],
    sizeLimit: 2097152,
    uploadButtonText: '<?php echo t('Upload image'); ?>',
    cancelButtonText: '<?php echo t('Cancel'); ?>',
    dragText: '<?php echo t('Drop files here to upload'); ?>',
    failUploadText: '<?php echo t('Upload unsuccessful'); ?>',
    onComplete: function(id, fileName, responseJSON){
        $( '#cancel-upload' ).trigger( 'click' );
        $( '#refresh' ).trigger( 'click' );
        selectFile = responseJSON['file'];
    }
}); 

file_upload.php script is slightly modified script which comes with the script: https://github.com/Valums-File-Uploader/file-uploader/blob/master/server/php.php

This is response I'm receiving:

Request URL:http://***/mod/ckeditor/plugins/scriptemimage/php/fileuploader/file_upload.php?phpsessid=vej2rc55iajknkjsp4taecsbn2&maxwidth=600&qqfile=751152_13643298+(Custom).jpg
Request Method:POST
Status Code:403 Forbidden
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:hr,en-US;q=0.8,en;q=0.6
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.2
Connection:keep-alive
Content-Length:9774
Content-Type:image/jpeg
Cookie:__utma=***; __utmc=***; __utmz=***; PHPSESSID=***
Host:www.***.***
Origin:http://www.***.***
Referer:http://***/mod/ckeditor/plugins/scriptemimage/php/browser.php?langCode=hr&maxwidth=600&run=window.opener.document.getElementById('new-article-image').value=selectedImages();window.opener.updateThumb();
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
X-File-Name:751152_13643298%20(Custom).jpg
X-Mime-Type:image/jpeg
X-Requested-With:XMLHttpRequest
Query String Parametersview sourceview URL encoded
phpsessid:vej2rc55iajknkjsp4taecsbn2
maxwidth:600
qqfile:751152_13643298 (Custom).jpg
Response Headersview source
Connection:close
Content-Length:399
Content-Type:text/html; charset=iso-8859-1
Date:Sat, 28 Dec 2013 18:39:20 GMT
Server:Apache

Answer 1

This could be that your browser has cookies that authenticate it on the server, but the post request doesn't have those. Check your browser's cookies for the upload site.