(Please include as many details as possible.)
Search for "bitbucket":
curl 'https://addons.mozilla.org/api/v3/addons/search/?app=firefox&appversion=59.0&platform=mac&q=bitbucket&lang=en-US' | jq '.results[0]'
{
"id": 845907,
"authors": [
{
"id": 13215875,
"name": "Pavel V",
"url": "https://addons.mozilla.org/en-US/firefox/user/corkscreewe/",
"username": "corkscreewe"
}
],
"average_daily_users": 22,
"categories": {
"android": [
"user-interface"
],
"firefox": [
"other"
]
},
"contributions_url": null,
"current_beta_version": null,
"current_version": {
"id": 2223971,
"compatibility": {
"android": {
"max": "*",
"min": "48.0"
},
"firefox": {
"max": "*",
"min": "48.0"
}
},
"edit_url": "https://addons.mozilla.org/en-US/developers/addon/bitbucket-server-reviewers/versions/2223971",
"files": [
{
"id": 765172,
"created": "2017-11-09T12:23:31Z",
"hash": "sha256:04dc9685f3a85fdb65be273447c819691674f0e2526c2517875d13780c450dde",
"is_restart_required": false,
"is_webextension": true,
"is_mozilla_signed_extension": false,
"platform": "all",
"size": 200734,
"status": "public",
"url": "https://addons.mozilla.org/firefox/downloads/file/765172/bitbucket_server_reviewers_groups-2.2.12-an+fx.xpi?src=",
"permissions": [
"storage",
"alarms",
"tabs",
"http://*/*",
"https://*/*",
"<all_urls>"
]
}
],
"is_strict_compatibility_enabled": false,
"reviewed": null,
"url": "https://addons.mozilla.org/en-US/firefox/addon/bitbucket-server-reviewers/versions/2.2.12",
"version": "2.2.12"
},
"default_locale": "en-US",
"description": null,
"developer_comments": null,
"edit_url": "https://addons.mozilla.org/en-US/developers/addon/bitbucket-server-reviewers/edit",
"guid": "{afbf9a79-a425-485a-95e6-6dfd813f27ff}",
"has_eula": false,
"has_privacy_policy": false,
"homepage": null,
"icon_url": "https://addons.cdn.mozilla.net/static/img/addon-icons/default-64.png",
"is_disabled": false,
"is_experimental": false,
"is_featured": false,
"is_source_public": true,
"last_updated": "2017-11-09T12:30:12Z",
"name": "Bitbucket Server Reviewers Groups",
"previews": [],
"public_stats": false,
"ratings": {
"bayesian_average": 3.28306,
"count": 4,
"average": 4,
"text_count": 4
},
"requires_payment": false,
"review_url": "https://addons.mozilla.org/en-US/reviewers/review/845907",
"slug": "bitbucket-server-reviewers",
"status": "public",
"summary": "Allow to add group of reviewers for pull request in bitbucket server + other features",
"support_email": "[email protected]",
"support_url": "https://outgoing.prod.mozaws.net/v1/721ade76b052ec2bcb22a8fe65cfb6caea9613c1642d3f15c48d810bf2e98432/https%3A//github.com/dragouf/Stash-Reviewers-Chrome-Extension/issues",
"tags": [
"firefox57"
],
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/bitbucket-server-reviewers/",
"weekly_downloads": 2
}
Load the detail for that add-on:
curl 'https://addons.mozilla.org/api/v3/addons/addon/bitbucket-server-reviewers/?lang=en-US' -H "Content-Type: application/json"
You get a 403 which is also not JSON:
<?xml version="1.0" encoding="utf-8" ?>
<error>Not allowed</error>
Since it's a public add-on, it should not be a 403
(Please include a link to the page, screenshots and any relevant files.)
Reported in https://github.com/mozilla/addons-frontend/issues/4071
The add-on's listing page is visible on the legacy front-end, and at a glance looks "normal" - it's Approved; visible; non-deleted; with a current Version that's Approved; enabled; non-deleted; with a single All Platforms File.
This is done by nginx. I bet this is somehow because the URL has "reviewers" in it...
This may not be done by nginx, because when bypassing nginx entirely and access the app locally, there is still a 403 error.
$ curl -I -H "content-type: application/json" -H "host: addons.mozilla.org" 'localhost:9000/api/v3/addons/addon/bitbucket-server-reviewers/?lang=en-US'
HTTP/1.1 403 FORBIDDEN
x-xss-protection: 1; mode=block
Content-Security-Policy: script-src https://ssl.google-analytics.com/ga.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://addons.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; child-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: blob: https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; form-action 'self' https://developer.mozilla.org; base-uri 'self' https://addons.mozilla.org; report-uri /__cspreport__
x-content-type-options: nosniff
ETag: "1a9bf500fe643d719bc92054df9b8685"
X-Frame-Options: DENY
Content-Type: text/xml
Good catch! This is actually done by addons-server, sorry.
This is because of this:
url('^reviewers/', include('olympia.reviewers.urls')),
It's missing the ^ at the beginning (Same for editors, and pages/appversions/, though that's less of a problem there.
Verified as fixed on AMO-dev with FF57 (Win10)
Scenarios tested:
/reviewers/ - https://addons-dev.allizom.org/en-US/firefox/addon/reviewers//reviewers/ - https://addons-dev.allizom.org/en-US/firefox/collections/AlexandraMoga/reviewers/
Most helpful comment
Good catch! This is actually done by addons-server, sorry.
This is because of this:
It's missing the
^at the beginning (Same foreditors, andpages/appversions/, though that's less of a problem there.