403 forbidden error

  • Resolved totallyminimad

    (@totallyminimad)


    5 months, 2 weeks ago

    hi there,

    I get a 403 forbidden error (from the server triggering a Modsec rule) when trying to add this inside Fluent Snippets, but it applies ok using Code Snippets. Any idea why?

    // Add delivery date field to the checkout
    add_action("woocommerce_after_order_notes", "cwpai_add_delivery_date_field");
    function cwpai_add_delivery_date_field($checkout)
    {
        $min_date = date('Y-m-d', strtotime('+0 days')); // 0 days from today
        $max_date = date('Y-m-d', strtotime('+0 days')); // 0 days from today

        echo '<div id="cwpai_delivery_date_field"><h2>' . __("Delivery Date") . "</h2>";
        woocommerce_form_field(
            "cwpai_delivery_date",
            [
                "type" => "date",
                "class" => ["cwpai-field-class form-row-wide"],
                "required" => true, // this field is mandatory
                "custom_attributes" => [
                    'min' => $min_date,
                    'max' => $max_date
                ],
            ],
            $checkout->get_value("cwpai_delivery_date")
        );
        echo "</div>";
    }

    // Save delivery date to the order meta
    add_action(
        "woocommerce_checkout_update_order_meta",
        "cwpai_save_delivery_date_to_order_meta"
    );
    function cwpai_save_delivery_date_to_order_meta($order_id)
    {
        if (!empty($_POST["cwpai_delivery_date"])) {
            update_post_meta(
                $order_id,
                "cwpai_delivery_date",
                sanitize_text_field($_POST["cwpai_delivery_date"])
            );
        }
    }

    // Display delivery date in the custom column
    add_action('woocommerce_admin_order_data_after_shipping_address', 'cwpai_my_orders_delivery_date_column');
    function cwpai_my_orders_delivery_date_column($order)
    {
        $delivery_date =  "<strong>Delivery Date:</strong><br>" . get_post_meta($order->get_id(), 'cwpai_delivery_date', true); // Get custom order meta
        echo !empty($delivery_date) ? $delivery_date : 'N/A';
    }
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Ruman Ahmed

    (@algorithmsunlocks)

    4 months, 3 weeks ago

    Hello @totallyminimad,

    Thank you for sharing the detailed information. This issue is caused by the server’s security system (ModSecurity), not by the snippet itself. The code is valid and safe. That’s why:

    • It works correctly on the frontend
    • It works when added using the Code Snippets plugin

    However, Fluent Snippets saves code using a REST API request. When the server scans this request, ModSecurity blocks it with a 403 Forbidden error because the snippet contains normal WooCommerce logic that reads form data and saves it to the database. This is a false positive from the server firewall.

    Possible solutions:

    • Ask the hosting provider to whitelist Fluent Snippets or relax the ModSecurity rule
    • Temporarily disable ModSecurity, save the snippet, then re-enable it

    Hopefully, this might help you in this matter.

    Best regards!
    Ruman Ahmed.

    Thread Starter totallyminimad

    (@totallyminimad)

    4 months, 3 weeks ago

    Thank you Ruman, i’ll forward this to my web host.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.