"403 Origin Unauthorized" when changing/adding file #155

Open
freyavs opened this issue May 6, 2020 · 9 comments

Comments

@freyavs

freyavs commented May 6, 2020

Hello, my project partner and I are both trying two different things, but we are both getting the same error:

403 Origin Unauthorized:
No permission to access this resource
You are currently logged in as https://fvspeybr.inrupt.net/profile/card#me, but do not have permission to access https://fvspeybr.inrupt.net/public/location2.ttl.

When I allow "everyone" to be an "editor", so to write, read and control the location2.ttl file, I am able to change my file with a SPARQL update query. But when I remove "everyone" and only put myself as owner, I am getting the error message above. It seems like it might not be recognizing me as owner of the file, but unfortunately we have no idea what is going wrong here.

My partner is getting the same error, but he is trying to make a new file in the public directory with the solid-file-client and it also won't let him make a new file without having "everyone" as "editors" in the .acl file.

We are able to do all of these things in the browser, but not programmatically.

These are the files I am working with:
https://fvspeybr.inrupt.net/public/location2.ttl.acl
https://fvspeybr.inrupt.net/public/location2.ttl

@RubenVerborgh
Contributor

Would you be able to post the contents of the .acl file? We don't have permission to view it (which is a good thing, so don't change that 🙂).

@freyavs
Author

freyavs commented May 6, 2020

These are the contents:

@prefix : <#>.
@prefix n0: <http://www.w3.org/ns/auth/acl#>.
@prefix c: </profile/card#>.
@prefix n1: <http://xmlns.com/foaf/0.1/>.

:ControlReadWrite
    a n0:Authorization;
    n0:accessTo <location2.ttl>;
    n0:agent c:me;
    n0:mode n0:Control, n0:Read, n0:Write.
:Read
    a n0:Authorization;
    n0:accessTo <location2.ttl>;
    n0:agentClass n1:Agent;
    n0:mode n0:Read.

@RubenVerborgh
Contributor

The permissions look fine to me. Are you doing cross-host requests by any chance?
Because there are special settings required for doing so.

Or is it really an app running on fvspeybr.inrupt.net that has the problem?

@freyavs
Author

freyavs commented May 6, 2020

The app is running on localhost. I am getting this warning in the console, but up until now it hasn't given us any problems (and it doesn't seem like my partner is getting it, but it might be because we are running different code).

A cookie associated with a cross-site resource at https://inrupt.net/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

@RubenVerborgh
Contributor

> The app is running on localhost.

Then I suspect this will help you: https://github.com/solid/web-access-control-spec#adding-trusted-web-apps

> A cookie associated with a cross-site resource at https://inrupt.net/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.

@jaxoncreed Are we aware of this?

@freyavs
Author

freyavs commented May 6, 2020

This was indeed the problem! I thought our app already asked for these permissions in the very beginning, but it seems like I might've been mistaken. Should this be automated or should the user manually allow the app access?
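
The behaviour reported and resolved above, as an added example that is not part of the original thread and is not node-solid-server's code: a simplified model of why the owner's write is rejected when it arrives from an untrusted origin, and why the "everyone" workaround and the trusted-app entry both make it pass. The app origin `http://localhost:3000` (the port in particular), the function names and the rule that public grants are not origin-checked are assumptions inferred from what the thread reports.

```javascript
// Simplified model of the decision seen in this thread; NOT node-solid-server code.
const PUBLIC = 'http://xmlns.com/foaf/0.1/Agent';
const OWNER = 'https://fvspeybr.inrupt.net/profile/card#me';
const POD_ORIGIN = 'https://fvspeybr.inrupt.net';
const APP_ORIGIN = 'http://localhost:3000'; // assumption: port not given in the thread

// The two authorizations from location2.ttl.acl, as plain objects.
const ownerOnlyAcl = [
  { agent: OWNER, modes: ['Control', 'Read', 'Write'] },
  { agentClass: PUBLIC, modes: ['Read'] },
];
// The workaround from the first post: "everyone" as editor.
const everyoneEditorAcl = [{ agentClass: PUBLIC, modes: ['Control', 'Read', 'Write'] }];

function decide({ webId, origin, mode }, acl, trustedApps) {
  // Assumption inferred from the thread: public grants are not origin-checked.
  if (acl.some(a => a.agentClass === PUBLIC && a.modes.includes(mode))) {
    return { status: 200, reason: 'public grant' };
  }
  if (!acl.some(a => a.agent === webId && a.modes.includes(mode))) {
    return { status: 403, reason: 'agent not authorized' };
  }
  // Agent-specific grant: a cross-origin app must also be trusted for this mode
  // (acl:trustedApp with acl:origin and acl:mode in the user's profile).
  if (origin && origin !== POD_ORIGIN &&
      !trustedApps.some(t => t.origin === origin && t.modes.includes(mode))) {
    return { status: 403, reason: 'Origin Unauthorized' };
  }
  return { status: 200, reason: 'agent grant' };
}

function runScenarios() {
  const write = { webId: OWNER, origin: APP_ORIGIN, mode: 'Write' };
  const trusted = [{ origin: APP_ORIGIN, modes: ['Read', 'Write'] }];
  return {
    ownerFromUntrustedApp: decide(write, ownerOnlyAcl, []),
    everyoneEditor: decide(write, everyoneEditorAcl, []),
    ownerFromTrustedApp: decide(write, ownerOnlyAcl, trusted),
    ownerInPodBrowser: decide({ ...write, origin: POD_ORIGIN }, ownerOnlyAcl, []),
    publicReadFromApp: decide({ ...write, mode: 'Read' }, ownerOnlyAcl, []),
    appTrustedForReadOnly: decide(write, ownerOnlyAcl, [{ origin: APP_ORIGIN, modes: ['Read'] }]),
  };
}

console.log(runScenarios());
```

The last scenario shows that trust is per mode: an app trusted only for Read still gets "Origin Unauthorized" on a write, which is the safer alternative to opening the resource to "everyone".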

@RubenVerborgh
Contributor

> Should this be automated or should the user manually allow the app access?

It should be automated; maybe something went wrong there or was overwritten.

@freyavs
Author

freyavs commented May 6, 2020

Okay, I guess I will need to take a look at this then. Thank you very much!

@josephguillaume

The SameSite=None issue is documented in #151 and nodeSolidServer/node-solid-server#1463
