Overview

You received a HTTP 403 Forbidden error while you are browsing your app (e.g. clicking on the links on the push notifications) on your Android device, but the same works on your iOS device. 

Solution

The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it. Usually, you get an HTTP 403 Forbidden when the server that serves this request has some security restrictions in place you are not complying with.

The most common scenario is when you are trying to embed an iframe from an external server on your app and the web server hosting that page uses the Content-Security-Policy setting to protect its pages.

This web server most probably is configured to add an HTTP header to the response object setting the Content-Security-Policy tag to frame-ancestors 'self'. That means the frame-ancestors must be from the same domain as the original content, making it impossible for you to embed their pages into your app as it is not the same domain. This security policy is commonly used to avoid clickjacking/UI redressing.

Please follow below recommendations for the solution:

• This issue is out of BiznessApps Support scope as it's a security restriction that we don't have control over. You should contact the administrator of the web server hosting the page you want to embed and have them disable the security constraints not allowing you to use that page.
• If you haven't done recently, republish your application as new features and updates may fix issues like this in new versions of the source code. So, it is recommended that the application owners republish their apps at least once every 6 months. See the article How To Republish Or Update Your App for the steps to perform this operation.
• As a workaround, you can try below recommendations if the 403 Forbidden error is indeed due to iframe restriction (i.e., the Content-Security-Policy setting that prevents iframes to be embedded on your app is enabled):
  • You can add a note to the push notification telling the users to copy the link and open it in a browser window on their phones.
  • You can also check the "Open in new browser window" option which will open the web page on the user's device native browser (if that doesn't break your app's policies).

Note:  If you do wish to check if your problem is related to iframe restriction you can use the tinywebgallery site to check their site for iframes. For more information about security restrictions, you can have a look at this iframe link.