Google account picture request forbidden

Hi,

I’m using the official React SPA application. I noticed that sometimes after I logged in with my Google account, the request to my profile picture returns a 403. After some time, the request returns the profile picture like normal.

I wish I could give some more information, but I can’t at the moment. Will try to debug some more.

Could this have something to do with dev keys? I did set up my app in Google, so this shouldn’t be an issue?

5 Likes

I have the same problem.

I just ran into the same issue. It’s intermittent and the response code is 403.

Hey guys!

Can you share the link to the quickstart as the one above gives me a 404? Thank you!

I have the same problem.

Can you link the quickstart you use?

Hi konrad,
I also have the same issue:
Logging in with Google, everything seems to work fine and then suddenly after switching between views, the picture GET request returns a 403. A couple of hours later it works again, but the issue always comes back.

I used the Auth0 React SDK and followed the SPA React Quickstart

1 Like

Let me raise that in the form of a GitHub issue so that the quickstart maintainers can take a look at that!

Sharing it for visibility:

https://github.com/auth0-samples/auth0-react-samples/issues/221

As replied on the GitHub issue, this seems to exist for a few years outside of Auth0’s context as well: javascript - http:403 forbidden error when trying to load img src with google profile pic - Stack Overflow

Would any of you be able to verify if this only exists when using localhost? e.g. can you try to reproduce it using either 127.0.0.1 or another host mapped to your localhost?

I haven’t been able to reproduce this in our quickstart at the moment, so it’s hard for me to verify.

However, as far as I am aware we do not manipulate the URL; this is the URL coming straight from Google, so I think Auth0 isn’t involved in the 403.

2 Likes

Thanks for following up on that @frederik.prijck!

Hi Fré,
I checked again using 127.0.0.1 instead of localhost. So far it hasn’t reoccurred yet, so it’s probably just like you said. I’ll keep you posted if it does pop up again. :slightly_smiling_face:

1 Like

Thanks for verifying, appreciated!

I mean, this is not a solution… but if it is only occurring on localhost and not on any other environment, at least the issue is less critical.

Sadly it looks like there is little information available on this subject… But all I know is that, as mentioned, the cause is to be found with Google itself and not so much with Auth0. However, considering the issue has been around for such a long time I am worried about whether or not this has an actual solution on localhost.

1 Like

As said here: javascript - http:403 forbidden error when trying to load img src with google profile pic - Stack Overflow

Another solution is to add referrerpolicy="no-referrer" to the component like:

2 Likes

Sorry, no added example code:

<img src="{{(authService.signIn$ | async)?.imageUrl}}" referrerpolicy="no-referrer" >

2 Likes
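The same `referrerpolicy="no-referrer"` fix in plain DOM code, for setups that do not use an Angular template. This is an added example, not code from this thread or from the Auth0 quickstart; `createAvatar`, `FALLBACK_AVATAR` and the fallback path are hypothetical names, and `user` is assumed to be a profile object with `picture` and `name` fields.

```javascript
// Added example: names and the fallback asset path are assumptions.
const FALLBACK_AVATAR = "/img/default-avatar.png"; // hypothetical local asset

// Build an <img> for a user's profile picture.
// `doc` is the DOM document (passed in so the function is easy to test).
function createAvatar(doc, user, fallbackUrl = FALLBACK_AVATAR) {
  const img = doc.createElement("img");
  img.alt = user && user.name ? `${user.name} profile picture` : "Profile picture";

  // Set the policy before src so it is already in place when the image
  // fetch starts and no Referer header is attached to the request.
  img.referrerPolicy = "no-referrer";

  // If the remote picture still fails to load (403, offline, expired URL),
  // switch to the local fallback once. Clearing the handler first prevents
  // an endless error loop if the fallback itself cannot be loaded.
  img.onerror = () => {
    img.onerror = null;
    img.src = fallbackUrl;
  };

  // Only load https URLs taken from the profile; anything else (missing,
  // http:, javascript:, data:) gets the local fallback instead.
  const picture = user && typeof user.picture === "string" ? user.picture : "";
  img.src = /^https:\/\//i.test(picture) ? picture : fallbackUrl;
  return img;
}
```

In a browser, call it as `createAvatar(document, user)` and append the returned element where the avatar belongs.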

Thanks for sharing that with the rest of community!
