[support] Strange AJAX error

Jamie Holly hovercrafter at earthlink.net
Fri Dec 14 05:56:12 UTC 2012


If you have any folders that start with a . then people will be able to 
access them. Best thing to do is to just delete those folders if you 
aren't using Git on your server, or add the actual folder to the 
htaccess rule.

Jamie Holly
http://www.intoxination.net
http://www.hollyit.net

On 12/13/2012 8:28 PM, Austin Einter wrote:
> Jamie
> What a fantastic answer!!
> You made my day. I just commented the line you recommended and it 
> worked fine.
>
> I have a .git folder as below.
>
>  sites/all/modules/betterselect/.git
>
> So if I have a .git folder and I commented out the rule you 
> recommended, then what problem  I may face.., please elaborate..
>
> Thanks
> Austin
>
>
> On Thu, Dec 13, 2012 at 9:48 AM, Jamie Holly 
> <hovercrafter at earthlink.net <mailto:hovercrafter at earthlink.net>> wrote:
>
>     Actually this is caused by Drupal's .htaccess file:
>
>      # Block access to "hidden" directories whose names begin with a
>     period. This
>       # includes directories used by version control systems such as
>     Subversion or
>       # Git to store control files. Files whose names begin with a
>     period, as well
>       # as the control files used by CVS, are protected by the
>     FilesMatch directive
>       # above.
>       #
>       # NOTE: This only works when mod_rewrite is loaded. Without
>     mod_rewrite, it is
>       # not possible to block access to entire directories from
>     .htaccess, because
>       # <DirectoryMatch> is not allowed here.
>       #
>       # If you do not have mod_rewrite installed, you should remove these
>       # directories from your webroot or otherwise protect them from being
>       # downloaded.
>       RewriteRule "(^|/)\." - [F]
>
>     You can remove that rule from .htaccess if you like. I would just
>     make sure you don't have any hidden directories, like .git.
>
>     Jamie Holly
>     http://www.intoxination.net  
>     http://www.hollyit.net
>
>     On 12/12/2012 10:45 PM, Vaibhav Jain wrote:
>>     You can check once on the permissions provided in hook_menu.
>>
>>
>>     On Thu, Dec 13, 2012 at 8:02 AM, Austin Einter
>>     <austin.einter at gmail.com <mailto:austin.einter at gmail.com>> wrote:
>>
>>         Dear All
>>         I have an auto complete text field , where user types and if
>>         corresponding  entry is present in database, I show it to
>>         user using below code.
>>
>>         /*$matches = array();
>>           if ($string)
>>           {
>>               $result = db_select('resubmt_skill_ids')
>>                 ->fields('skill_ids', array('name', 'id'))
>>                 ->condition('name', db_like($string) . '%', 'LIKE')
>>                 ->range(0, 10)
>>                 ->execute();
>>               foreach ($result as $skill)
>>               {
>>                   $matches[$skill->name] = check_plain($skill->name);
>>               }
>>           }
>>           drupal_json_output($matches);
>>         */
>>         Lets say one user wanted to type /*.net*/, as soon as user
>>         types /*.n*/ I get below error.
>>
>>         /*
>>         An AJAX HTTP error occurred.
>>         HTTP Result Code: 403
>>         Debugging information follows.
>>         Path: http://localhost/example.com/util/known/skillsets
>>         StatusText: Forbidden
>>         ResponseText:
>>         403 Forbidden
>>         Forbidden
>>         You don't have permission to access /util/known/skillsets/.n
>>         on this server.
>>         Apache/2.2.14 (Ubuntu) Server at localhost Port 80
>>         */
>>
>>         Can somebody help me why this error comes and how can I avoid it.
>>
>>         Thanks
>>         Austin
>>
>>
>>
>>
>>
>>         --
>>         [ Drupal support list | http://lists.drupal.org/ ]
>>
>>
>>
>>
>>     -- 
>>     Regards,
>>     Vaibhav Jain
>>
>>
>
>
>     --
>     [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20121214/827af299/attachment.html 


More information about the support mailing list