403 Forbidden error with woocommerce downloads

G’day tami73,

I can’t reproduce that with a basic WooCommerce site. Can you tell me more about your site and products please?

Does your website mix HTTP and HTTPS pages?

What download method do you have configured? (Force Downloads, X-Accel-Redirect/X-Sendfile, Redirect only)

Do your downloadable products download from the standard WooCommerce downloads folder inside wp-uploads, or do you have an add-on such as Amazon S3 downloads or DropBox?

I can’t get any difference in my test environment between with or without the fixer. I do see a difference when the product download URL has begins with http: or https: — the former opens PDF products in a new tab, whereas the latter downloads the products. I’d suggest that all your products should use https: URLs for their downloadable files.

cheers,
Ross

Hi again. No we only use https and we have force downloads configured. I tried the other options with the same results 403 error. We are using the standard wordpress downloads from wp-iploads and below is our system status

### WordPress Environment ###

Home URL: https://elongtress.com
Site URL: https://elongtress.com
WC Version: 2.6.14
Log Directory Writable: ?
WP Version: 4.7.2
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: –
WP Cron: ?
Language: en_US

### Server Environment ###

Server Info: LiteSpeed
PHP Version: 7.0.15
PHP Post Max Size: 256 MB
PHP Time Limit: 600
PHP Max Input Vars: 1000
cURL Version: 7.36.0
OpenSSL/1.0.1e

SUHOSIN Installed: –
Max Upload Size: 8 MB
Default Timezone is UTC: ?
fsockopen/cURL: ?
SoapClient: ? Your server does not have the SoapClient class enabled - some gateway plugins which use SOAP may not work as expected.
DOMDocument: ?
GZip: ?
Multibyte String: ?
Remote Post: ?
Remote Get: ?

### Database ###

WC Database Version: 2.6.14
: 
woocommerce_sessions: ?
woocommerce_api_keys: ?
woocommerce_attribute_taxonomies: ?
woocommerce_downloadable_product_permissions: ?
woocommerce_order_items: ?
woocommerce_order_itemmeta: ?
woocommerce_tax_rates: ?
woocommerce_tax_rate_locations: ?
woocommerce_shipping_zones: ?
woocommerce_shipping_zone_locations: ?
woocommerce_shipping_zone_methods: ?
woocommerce_payment_tokens: ?
woocommerce_payment_tokenmeta: ?

### Active Plugins (59) ###

WP Missed Schedule: by sLaNGjIs – 2014.1231.2016.0
Add Admin CSS: by Scott Reilly – 1.4
AddFunc Head & Footer Code: by AddFunc – 1.3
Anti-spam: by webvitaly – 4.3
Backup by blogVault: by Backup by blogVault – 1.45
Cloudflare: by John Wineman
Furkan Yilmaz
Junade Ali (Cloudflare Team) – 3.1.1

Custom Post Type UI: by WebDevStudios – 1.5.2
Disable Responsive Images: by Joseph Fusco – 1.1
Featured Image In Rss Feed: by Dinesh Karki – 2.1
Header and Footer Scripts: by Anand Kumar – 1.3.4
IntenseDebate: by IntenseDebate & Automattic – 2.9.7
Members: by Justin Tadlock – 1.1.3
Menu Image: by Alex Davyskiba aka Zviryatko – 2.7.0
NS FBA for WooCommerce: by Never Settle – 2.0.0.2
NextScripts: SNAP Pro Upgrade Helper: by NextScripts – 1.3.9
Official StatCounter Plugin: by Aodhan Cullen – 2.0.1
Page Links To: by Mark Jaquith – 2.9.6
Post Pay Counter PRO: by Stefano Ottolenghi – 1.6.8.5
Post Pay Counter: by Stefano Ottolenghi – 2.712
Quick Featured Images Pro: by Martin Stehle – 5.1.1
Regenerate Thumbnails: by Alex Mills (Viper007Bond) – 2.2.6
Simple Custom CSS: by John Regan
Danny Van Kooten – 3.3

NextScripts: Social Networks Auto-Poster: by NextScripts – 3.7.15
Soliloquy - CSS Addon: by Soliloquy Team – 2.2.1
Soliloquy - Themes Addon: by Soliloquy Team – 2.2.0
Soliloquy - WooCommerce Addon: by Soliloquy Team – 1.1.3
Soliloquy: by Soliloquy Team – 2.5.3.1
SSL Insecure Content Fixer: by WebAware – 2.2.3
Stripe WooCommerce Addon: by Syed Nazrul Hassan – 1.0.8
TinyMCE Advanced: by Andrew Ozz – 4.4.3
User Switching: by John Blackbourn – 1.0.9
W3 Total Cache: by Frederick Townes – 0.9.5.2
WC Custom Thank You: by Nicola Mustone – 1.1.0
Digital Goods Checkout for WooCommerce: by PluginDistrict – 1.4
WooCommerce Conversion Tracking: by Tareq Hasan – 1.2.1
WooCommerce Coupon Schedule: by Karolis Giedraitis – 0.1.1
Woocommerce Custom Tabs: by WebshopLogic – 1.0.18
WooCommerce Direct Variation Link: by WP BackOffice – 1.0.3
WooCommerce Dynamic Pricing Product Exclusions: by Nathan Franklin – 1.0.0
WooCommerce Dynamic Pricing: by Lucas Stark – 2.11.6 – 2.12.2 is available
WooCommerce Free Gift: by Rene Puchinger – 1.7.8
WooCommerce jQuery Cookie Fix: by Splashing Pixels (Roy Ho) – 1.0
WooCommerce MailChimp: by Saint Systems – 2.0.20
WooCommerce Video Product Tab: by Sebs Studio – 2.3.1
WooCommerce: by WooThemes – 2.6.14
WooDojo: by WooThemes – 1.5.4
WooCommerce Helper: by WooCommerce – 1.7.2
WordPress Importer: by wordpressdotorg – 0.6.3
Yoast SEO: by Team Yoast – 4.2.1
WP-Lister Lite for eBay: by Matthias Krok – 2.0.14
WP RSS Aggregator: by RebelCode – 4.10
WP RSS Aggregator - Categories: by Jean Galea – 1.2.10
WP RSS Aggregator - Excerpts and Thumbnails: by Jean Galea – 1.9.3
WP Support Plus Pro: by Pradeep Makone – 7.1.0
WP Viral Quiz: by Institut Pandore – 2.04
wpMandrill: by Mandrill – 1.33
YITH WooCommerce Advanced Reviews: by YITHEMES – 1.2.4
YouTube: by EmbedPlus Team – 11.5
Related Posts: by iLen – 5.12.68

### Settings ###

Force SSL: ?
Currency: USD ($)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2

### API ###

API Enabled: ?

### WC Pages ###

Shop Base: #603 - /shop/
Cart: #604 - /cart/
Checkout: #605 - /checkout/
My Account: #606 - /my-account/

### Taxonomies ###

Product Types: bundle (bundle)
external (external)
grouped (grouped)
simple (simple)
subscription (subscription)
variable (variable)

### Theme ###

Name: Flatsome Child
Version: 3.0
Author URL: 
Child Theme: ?
Parent Theme Name: Flatsome
Parent Theme Version: 3.1.6
Parent Theme Author URL: https://www.uxthemes.com/
WooCommerce Support: ?

### Templates ###

Overrides: flatsome/woocommerce/archive-product.php
flatsome/woocommerce/cart/cart-empty.php
flatsome/woocommerce/cart/cart.php
flatsome/woocommerce/checkout/form-checkout.php
flatsome/woocommerce/checkout/form-coupon.php
flatsome/woocommerce/checkout/thankyou.php
flatsome/woocommerce/content-product.php
flatsome/woocommerce/content-product_cat.php
flatsome/woocommerce/content-single-product.php
flatsome/woocommerce/global/breadcrumb.php
flatsome/woocommerce/global/quantity-input.php
flatsome/woocommerce/global/wrapper-end.php
flatsome/woocommerce/global/wrapper-start.php
flatsome/woocommerce/loop/loop-end.php
flatsome/woocommerce/loop/loop-start.php
flatsome/woocommerce/loop/orderby.php
flatsome/woocommerce/loop/pagination.php
flatsome/woocommerce/loop/result-count.php
flatsome/woocommerce/loop/sale-flash.php
flatsome/woocommerce/myaccount/form-login.php
flatsome/woocommerce/myaccount/navigation.php
flatsome/woocommerce/notices/error.php
flatsome/woocommerce/notices/notice.php
flatsome/woocommerce/notices/success.php
flatsome/product-searchform.php version - is out of date. The core version is 2.5.0
flatsome/woocommerce/single-product/price.php
flatsome/woocommerce/single-product/product-image.php
flatsome/woocommerce/single-product/product-thumbnails.php
flatsome/woocommerce/single-product/related.php
flatsome/woocommerce/single-product/review.php
flatsome/woocommerce/single-product/sale-flash.php
flatsome/woocommerce/single-product/short-description.php
flatsome/woocommerce/single-product/tabs/tabs.php
flatsome/woocommerce/single-product/title.php
flatsome/woocommerce/single-product/up-sells.php
flatsome/woocommerce/single-product-reviews.php
flatsome/woocommerce/single-product.php

: Learn how to update outdated templates

I managed to figure it out! When I unticked the force secure checkout in woocommerce the downloads work fine. I didn’t need it to be ticked since the entire site is https anyway.

• This reply was modified 8 years, 1 month ago by tami73.

Thanks for the update, and well done figuring it out. I’ll try those settings to see if I can replicate it, and fix for anyone else who might get bit by it.

cheers,
Ross

Hi Tami73,
You are awesome! Thanks for sharing this fix. It has worked for me too. I have been trying to fix my error for months! Well done you!

Thank you so much for this, Tami! I had the same issue and unticking ‘force secure checkout’ fixed it!

thanks @tami73.
I, too, lodged a but report on github – this isn’t right.

I’m having this problem as well, using only HTTPS site-wide, and unchecking force secure checkout (supposing it’s redundant in an HTTPS-only situation) fixed it for me, too. For whatever that’s worth!

I’m having this problem with public users getting this error. But I don’t have WooCommerce installed. There must be other plug-ins that have this function. Any ideas which?

Very bad news. Woocommerce have removed that option. Now there is no way for new sites to avoid the 403 error. Old sites are OK because the setting is retained somewhere.

Any ideas for where that setting is stored and how it can be changed manually?

• This reply was modified 6 years, 9 months ago by grizwoldwp.

G’day @grizwoldwp,

I can still see the setting, it’s on the Advanced tab:

WooCommerce > Settings > Advanced > Secure Checkout > Force Secure Checkout

If you’re running your whole site on HTTPS (and why wouldn’t you?) you won’t need to have that ticked.

I still can’t reproduce the problem in my environments, which doesn’t help either…

cheers,
Ross

I’ve added something to detect WooCommerce download requests and turn off the fixer. Can anyone who has seen this problem please:

1. confirm the problem still exists in v2.6.0
2. try the current dev version which hopefully fixes the problem

https://www.dropbox.com/s/kc3ujsko2c3om00/ssl-insecure-content-fixer-2.6.1.zip?dl=1

I cannot replicate the problem in any environment I’ve tried, so I’d be grateful if one of you could please help test this fix.

cheers,
Ross