johnbillion/query-monitor

403 Forbidden on self GET wp-admin

thefrosty opened this issue · 2 comments

thefrosty commented

I've been seeing this 403 Forbidden error in my HTTP API Calls for quite some time, and am looking into it.

It's a URL in which can be hit on any WordPress install with the standard DB Update screen (if they aren't blocking such a request). So internally I would expect no such error.

I can hit the /wp-admin/upgrade.php?step=1 on my site in a private non-logged in window, so just trying to understand what else I might be missing.

Current server stats:

  • PHP: 8.2.15 (was happening on 8.0 too)
  • Apache 2.4.58 (behind nginx reverse Proxy)
  • Multisite/multinetwork.
Plugins_‹_Austin_Passy_—_WordPress
johnbillion commented

That's the standard mechanism that WordPress multisite uses to perform updates on sites within the network. I've no idea why it could return a 403.

This isn't triggered by Query Monitor, despite what the "Component" column says. Sometimes QM will blame itself if it's not sure what triggered the request or if your site uses a non-standard directory structure.

thefrosty commented

Thanks, I'll continue my investigation elsewhere.