POST returns 403 if URL is in data

Question 1

As far as I can see : this "bug" is on the server side.

The object passed as a second argument to the $.post() methods is simply serialized as data in your request.

You can see what is sent to the server by checking your browser's web console (e.g : the "Net" tab of Firebug, or the "Network" tab of Firefox' built-in console, or similar tabs in Chrome or IE). My guess is your request is correctly sent with the data you provided.

What your server does with this data is another matter ; you will need to debug your server configuration and server side code to figure out how your request ultimately triggers a 403.

One possible cause for a 403 is bad file permissions. Check if your files permission allow the web server to access them.

For example, if you are using a standard apache/linux configuration, check if :

user www-data has x rights on all code directories
user www-data has r rights on all code files
user www-data has correct rights on files which should be downloaded or uploaded
your site config file removes access from certain directories
your .htaccess file(s) remove access from certain directories
etc ...

Question 2

it totally depends on what your listOfURLs is, you just have to keep in mind, that the data part of the post request, should always be a string, so the solutions might be:

if ListOfURLs is an array, you should do something like this:

$.post( "script.php", { 'urls[]': [ "URL1", "URL2" ] } );
if it is a form data, you can serialize it to be a json string.
if not any of that, try just to make it json like.

and please if this doesn't work, provide us with some additional details about the data itself

Question 3

try url encode for URL in the list and then passing to it

var encodedUrl = encodeURIComponent(url);

Question 4

The 403 tells you that the system tried to access a URL or resource using the object you've tried to send.

I'm not a fan of the short form of this ajax call. Use the long syntax of JQuery if you like more overview in you code. See this for more information.

$.ajax({
    type: "POST",
    url: url,
    data: listofURLs2JSON,
    dataType: "json",
    statusCode: {
        404: function() {
            alert( "List of urls. Nooooo" );
        }
    },
    success: function(data) {
        alert( "This was totally awesome!" );
    },
});

As Labib pointed out you can avoid the 403 using JSON. To deserialize the object use JSON.stringify:

var listofURLs2JSON = JSON.stringify(array/object, callback);

Then you can receive the object as string and use php functions like json_decode to retrieve the data as variable, do whatever you want and send it back via json_encode.

Question 5

Are you using Nginx as your web server? Nginx does not support post requests like this; you can work around this limitation by adding the following to your configuration under server.

    error_page 405 =200 $request_uri;

What is really happening is that Nginx is generating an HTTP response 405 and then tries to access the error document for HTTP 405 and gets a 403 on that which is displayed.

Question 6

There is an error in your code. You should replace this:

$.post( "script.php", { urls: listOfURLs} );

with this

$.post( "script.php", { 'urls[]': listOfURLs} );

because listOfURLs is a javascript array. This may explain why your code works if the list of URLs is empty.

See the 3rd example on the post() documentation page: jQuery.post() |jQuery API

If that does not help I would try using Fiddler2 to look closely at the calls your code is making when it does the post. This program will show you the URL being called and the data being posted. It's very useful for debugging this sort of issue.

Question 7

you just append your url with some additional strings like

listURL = "data_url:"+listURL+"";

And pass this data to the ajax. so you get the url data without 403 forbidden error