I am trying to upload a file to the /api/upload endpoint. I am authenticating, but I am getting a 500 error: forbidden access. I am attempting with Python and with cURL. I am thinking I have my privileges misconfigured? The service account uploading this file has editor and reader permissions set. I can share my code if you would like but I think it is an admin issue.
[2022-02-06 19:36:50.948] error: Forbidden access
ForbiddenError: Forbidden access
at Object.verify (/srv/strapi-azure/node_modules/@strapi/plugin-users-permissions/server/strategies/users-permissions.js:89:13)
System Information
-
Strapi Version: 4.0.7
-
Operating System:
-
Database:
-
Node Version:
-
NPM Version:
-
Yarn Version:
1 Like
Not sure if this helps but you will get âforbiddenâ when your Authorization Bearer token is missing or malformed in the header of your POST request. Otherwise, the generic error 500 is typically thrown when the server hits an unexpected condition.
This is how I form the headers:
headers = {
âAuthorizationâ: f"Bearer {jwt}",
}
I know am getting the jwt successfully. I also can verify because I also wrote code to publish a new âProductâ object and I was able to create and object. The trouble is with upload.
Let me share my code:
subprocess.run(["curl", "-H", f"'Authorization: Bearer {jwt}'", '-X', 'POST', 'http://<my strapi server id address>:1337/api/upload', '-H', "'content-type: multipart/form-data;'", '-F', "'file=/path/to/my/file/@Afilename.stl'"], shell=True, check=True)
here is another way I tried it:
url = f"{strapi_server_url}/api/upload"
headers = { 'Authorization': f"Bearer {jwt}"}
filename = "filename.stl"
file=open(os.getcwd() + f'\\{filename}', 'rb')
payload={'submit': "Submit"}
response = requests.post(url, files={'file': (filename, file )}, data=payload, headers=headers)