Discourse Events return 403 Error when attendees' usernames exceed character limit for request URL

Environment

Discourse Version: stable v2.8.11

Plugin Commit: GitHub - paviliondev/discourse-events: Allows you to manage events in Discourse

Steps to Reproduce

An example event here: Delhi-NCR MUG: Building React Applications with Data APIs & Scalability With MongoDB Atlas! - Asia Pacific - MongoDB Developer Community Forums

If you click RSVP to view the attendees, it returns a 403 Error. If you open it with the console network tab open, you will get the 403 error. Our suspicion is because of the length of the Request URL.

Example

Let me know if I can help further!

Logs

Here’s a screenshot of the console network showing the 403 error: Screen Shot 2022-11-23 at 3.13.50 pm.png - Google Drive

Thanks for the detailed report. I see the issue and am working on a fix.

@hyphalos Are there are server logs associated with this? i.e. if you have a look at

https://www.mongodb.com/community/forums/logs

See if you can see any relevant exceptions or warnings.

I’m also wondering if Cloudfront might be involved here. The HTML being returned from the request (it should be JSON) is this.

403 ERROR

The request could not be satisfied.


Request blocked. We can’t connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.


Generated by cloudfront (CloudFront) Request ID: My_2dbo4Cm46pgyJWrecd0nHWtuieBXUuOC9P1C3RCLszQ8WnxEBOA==


See further

https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-error-request-blocked/

In particular

This error can occur due to the default actions of AWS WAF rules associated with the CloudFront distribution.