I get a 403 page with the message:

Forbidden

You don't have permission to access /couch/ on this server.

Whenever I embed a Soundcloud embed on my hosting provider. It runs fine on my own server, or my laptop. In both those environments I am running nginx though. Here's an example of a soundcloud iframe that creates the problem.

Code: Select all

<iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/65332443&amp;color=ff5500&amp;auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false"></iframe>

Youtube, Vimeo, and Bandcamp iframe embeds all work no problem, but I can't get the soundcloud embed into the database because the 403 error is generated. I find no error log on my hosting provider, but I do have a ticket that they have not responded to yet with respect to that.

Here is how I have defined the editable region:

Code: Select all

   <cms:editable name='blog_audio_embed' type='textarea'
       label='Soundcloud/Bandcamp Embed Code'
      desc='Best if you only use the part between "<iframe> ... </iframe>" inclusive.'
        no_xss_check='1'
        group='blog_media'
   />

I can omit soundcloud embeds if I have to, but I am curious if anyone has seen anything like it. When I searched the forum, the only thing similar had to do with on page editing and databound forms. In this case it is the regular backend producing the error.

I have tried to make sure all my permissons are as they should be, and used sitescan.php to make sure and verify.

[KK]

Hi,

Thanks for the creds you PMed me.

I've run across this problem a few times before - you hit 'save' and the server responds with
"403 Forbidden You don't have permission to access /couch/ on this server".

Each time the problem was tracked to some security-hardening mod on the server (e.g. suhosin) that freaks out upon encountering certain text in the posted content.

In your case, it turns out to be the '%' character in width="100%".
Try removing it and the page should save fine (it is for me, at least).

As to why this particular character - I've no clue. I found it by trial-n-error.
Your host probably would be able to help. I can only assure you that the problem is not Couch related.

Thanks.

KK,

I have to say you and cheesypoof are truly amazing, . CouchCMS has not gotten that big yet, so it is possible for you to do it, but you and cheesypoof give better support than a lot of commercial organizations. I really appreciate not only your support efforts, but the time and thought that has clearly been put into design. Except for the uploading to the media dir, which I figured wasn't about your design choices, everything I have found myself wanting to do Couch has a straight forward, and usually elegant, solution already built in. Although I've not taken PHP programming seriously, and do know there actually is a lot of quality PHP software out there, it is Couch that is going to get me to start learning PHP for real. I am looking forward to it.

I will be filing a support issue with my hosting provider on further inspection, and see if there is anything they can do about it, . I never thought it was Couch, but I figured anothfer pair of eyes gracious enough to look at it would be useful. I also felt that leaving a record that someone else may find, could assist them with relating to a similar issue. Thank you for your time, efforts, and product, .

[KK]

You are welcome, @atenhotep and thank you very much indeed for your kind words

No hosting support ticket needed. Yes! They're much less valueable at support than the Couch team.

Changing '%' to its HTML code '%' worked.

Maybe that should have been obvious if I were really a web developer, but I am not. It has taken finding Couch for me to actually enjoy building a website. Now, if someone else has this issue, they have a possible good solution for them documented in the forum.

Edit: I may file that support ticket anyways. The '%' char shows up in other embeds all the time, and is never an issue. If it is their secutity module, it is a PITA , and should be fixed.

[KK]

Thank you for sharing the solution