Home → Problems →

403 errors when trying to update email templates in Customer Communication

• Edit

Romain André-Lovichi

08 Jul, 2020 01:37 PM

Dear Cheddar Support,

I'm working at 360Learning as a software engineer, and I have trouble updating the email templates in Customer Communication.

For example, for the product "360DEV EUR", I can't change the "New subscription" email template.
Every time I click on the "Save Changes" button, I get a 403 error in the console (POST https://www.getcheddar.com/admin/emails/template 403), and the changes in the HTML are not saved.

When I click on the "Preview" button, the preview itself is blank, and I get another 403 error in the console (POST https://www.getcheddar.com/admin/emails/template/preview/1 403)

I've administrator rights on this product.

Could you please help me understand what's going on, and out to fix this?

Thanks a lot, and best regards!

1. Support Staff 1 Posted by Mike Trotzke on 10 Jul, 2020 07:06 PM

   

   Hi Romain,

   We were able to trace this issue down to a cross-site scripting block by our web application firewall. We moved into a new hosting environment with a new firewall Monday. We've disabled the blocking rule for email preview requests and they should work normally now.

   Thanks!
   Mike

   • Edit

2. Mike Trotzke closed this discussion on 10 Jul, 2020 07:06 PM.

3. Romain André-Lovichi re-opened this discussion on 13 Jul, 2020 08:36 AM

4. 2 Posted by Romain André-Lo... on 13 Jul, 2020 08:36 AM

   

   Hello Mike!

   The preview works again, but I have still 403 errors when I click on "Save Changes" (POST https://www.getcheddar.com/admin/emails/template 403).

   This is blocking: I can't edit a single mail template!

   Could you please have a look at this and keep me posted?

   Thanks a lot!

   • Edit

5. Support Staff 3 Posted by Mike Trotzke on 14 Jul, 2020 01:06 PM

   

   Romain,

   Thanks for the report. We’ve disabled the blocking on save as well. You should now be able to edit templates as normal. Let is know if you have any other issues.

   Thanks,
   Mike

   • Edit

6. Mike Trotzke closed this discussion on 14 Jul, 2020 01:06 PM.

7. Romain André-Lovichi re-opened this discussion on 15 Jul, 2020 01:24 PM

8. 4 Posted by Romain André-Lo... on 15 Jul, 2020 01:24 PM

   

   Hello Mike,

   Thanks for your answer: everything seems to work now.

   By the way, what is the recommended way to deploy changes on mail templates in production?

   Currently, we are using "dev" products (360DEV EUR) for testing purpose, but then we have to copy/paste the template one-by-one.

   Thanks a lot, and best regards!

   • Edit

9. 5 Posted by API prod on 22 Jul, 2020 02:12 PM

   

   Hello Mike,

   The source of this bug seems the same cause of https://support.getcheddar.com/discussions/problems/10621-error-403...

   Probably there's a script blocking the strings "%20on", "%20On".
   In the example, there's a company's name called "Radiation and Oncology"

   • Edit

10. 6 Posted by API prod on 22 Jul, 2020 03:01 PM

    

    Btw, if we remove the company's field the form is opened normally
    But after filling manually the company's name, the form isn't creating a new user.

    The issue is on a rule blocking some names because replacing spaces by underscores allows us to create a user.

    • Edit

11. Support Staff 7 Posted by Marc Guyer on 22 Jul, 2020 03:16 PM

    

    Closing this in favor of https://support.getcheddar.com/discussions/problems/10621-error-403....

    Please reopen this one if you're still experiencing issues the email templates.

    • Edit

12. Marc Guyer closed this discussion on 22 Jul, 2020 03:16 PM.