Inexplicable 403 CORS error

We’re experiencing a very long standing issue posting longer comments on, where as an experienced retired software engineer I’ve been helping out to make significant improvements to the commenting system, where we’ve had a persistent issue that some comments won’t save, and it appears Cloudflare is for some reason objecting to them, where a CORS 403 error is generated.

Here is a sample comment that causes the error, where it cannot be encoded or abbreviated any further, as doing so invariably results in the call going through, even encoding (as aaaa’s) or removing the sentence “Once you have enabled them, you will never have to manually refresh the page again”:

Aaa aaa aaaaaa aaaaaaa aaaaaaaaaaaaa aaa aa aaaaa aaa, aaa aa aaa “Aaaaaaa” aaaaaaaa, aaaa aaa aaaaa aaa aaaaaa aaaaa, aaaa aa aaaaaa aaaaaaaa aaaaaaa, aaa aa aaa aaa aaa aaaaaaa aaaaaa aaa aaa aaaaaaa, aaaaa a aaaaaa aa aaa, aaa aaaaaa aaa aaa aaaaa aaaa Aaaaaaa aaaaaa aaaa aaaaa aaa aaaaaaaa, aaaa aaa aaaaaa aa aaaaaa aaaaaaa aaaaaaaa aa aaa aaaaa aaaa aaaa.

Once you have enabled them, you will never have to manually refresh the page again (unless you are on a BitChute video, and your computer goes offline for over five minutes, e.g. you put your laptop to sleep on battery power), where changes to the comments will “automatically” appear, and for the Popular sort order, the order of the comments is maintained too!

Enjoy, and if you are still having trouble, please let me know.

We use jQuery, and with the latest version (3.6.0) it is possible to use a site override (in Chrome, Edge etc) with the uncompressed version of the module, where setting a breakpoint at the point the XMLHttpRequest send method is called (line #10109; can click exception link), yields the following options used with the request, where the data option is what is actually passed to send:

  1. accepts: {: '/*’, text: ‘text/plain’, html: ‘text/html’, xml: ‘application/xml, text/xml’, json: ‘application/json, text/javascript’, …}
  2. async: true
  3. contentType: “application/x-www-form-urlencoded; charset=UTF-8”
  4. contents: {xml: /\bxml\b/, html: /\bhtml/, json: /\bjson\b/, script: false}
  5. converters: {text html: true, * text: ƒ, text json: ƒ, text xml: ƒ, text script: ƒ, …}
  6. crossDomain: true
  7. data: “commentData%5Bid%5D=c3&commentData%5Bparent%5D=&commentData%5Bcreated%5D=2022-02-22T16%3A21%3A34.176Z&commentData%5Bmodified%5D=2022-02-22T16%3A21%3A34.176Z&commentData%5Bcontent%5D=Aaa+aaa+aaaaaa+aaaaaaa+aaaaaaaaaaaaa+aaa+aa+aaaaa+aaa%2C+aaa+aa+aaa+%22Aaaaaaa%22+aaaaaaaa%2C+aaaa+aaa+aaaaa+aaa+aaaaaa+aaaaa%2C+aaaa+aa+aaaaaa+aaaaaaaa+aaaaaaa%2C+aaa+aa+aaa+aaa+aaa+aaaaaaa+aaaaaa+aaa+aaa+aaaaaaa%2C+aaaaa+a+aaaaaa+aa+aaa%2C+aaa+aaaaaa+aaa+aaa+aaaaa+aaaa+Aaaaaaa+aaaaaa+aaaa+aaaaa+aaa+aaaaaaaa%2C+aaaa+aaa+aaaaaa+aa+aaaaaa+aaaaaaa+aaaaaaaa+aa+aaa+aaaaa+aaaa+aaaa.%0A%0AOnce+you+have+enabled+them%2C+you+will+never+have+to+manually+refresh+the+page+again+(unless+you+are+on+a+BitChute+video%2C+and+your+computer+goes+offline+for+over+five+minutes%2C+e.g.+you+put+your+laptop+to+sleep+on+battery+power)%2C+where+changes+to+the+comments+will+%22automatically%22+appear%2C+and+for+the+Popular+sort+order%2C+the+order+of+the+comments+is+maintained+too!%0A%0AEnjoy%2C+and+if+you+are+still+having+trouble%2C+please+let+me+know.&commentData%5Bfullname%5D=You&”
  8. dataTypes: [’*’]
  9. error: ƒ (request)
  10. flatOptions: {url: true, context: true}
  11. global: true
  12. hasContent: true
  13. isLocal: false
  14. jsonp: “callback”
  15. jsonpCallback: ƒ ()
  16. processData: true
  17. responseFields: {xml: ‘responseXML’, text: ‘responseText’, json: ‘responseJSON’}
  18. success: ƒ (userArray, textStatus, jqHHR)
  19. type: “POST”
  20. url: “

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.