We run a purchase-2-pay solution. Part of this solution is, of course, to display product information.
To increase performance and security (not all suppliers manage to serve HTTPS or performant enough services), we have in place an image proxy serving all images in the different sizes in our solution, based on a URL provided by the product's supplier.
So here’s the question: Some of the suppliers are running their web solutions on Litium, and it seems that the images served by these URLs only work if opened directly in the browser and not through the web client used by our proxy; the Litium server responds with 403 Forbidden. Are there headers we can send to mitigate this security measure?
It seems that either the service provider has detected the issue and opened for the communication or that the 403 was a misleading error. It works today and images are shown as expected. I don’t find the 403 error in the logs either.
Since we create a good amount of traffic it would make sense that they discovered the traffic and opened for it.
I’ll come back to this thread if the same issue arises again; it might, as said, not be that the 403 was misleading, and in that case I would need some help to dig deeper.
In general, the Litium platform does not send out any 403 answers; the answer for the storage is either 200 OK, 204 Not Modified or 404 Not Found (this includes when the user does not have access to the file), so if the response is a 403, it sounds like another issue, and maybe the traffic is not routed to the customer's Litium installation.