[GH-ISSUE #1115] Discord integration issue while adding endpoint url #775

New issue

Closed

opened 2026-02-25 23:43:33 +03:00 by kerem · 1 comment

kerem commented

2026-02-25 23:43:33 +03:00

Owner

Originally created by @arrowcircle on GitHub (Jan 13, 2025).
Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/1115

Hey! I am having issue setting up discord integration for my self-hosted instance (k8s).
I created the app, and when I enter endpoint and click save I see this validation error:

interactions_endpoint_url: The specified interactions endpoint url could not be verified.

The URL looks like: https://hc.domain.com/integrations/add_discord/

Logs are

[pid: 10|app: 0|req: 70/283] 10.244.0.70 () {46 vars in 863 bytes} [Mon Jan 13 12:47:51 2025] POST /integrations/add_discord/ => generated 1852 bytes in 3 msecs (HTTP/1.1 403) 7 headers in 246 bytes (1 switches on core 0)
[pid: 12|app: 0|req: 71/284] 10.244.0.70 () {46 vars in 863 bytes} [Mon Jan 13 12:47:51 2025] POST /integrations/add_discord/ => generated 1852 bytes in 3 msecs (HTTP/1.1 403) 7 headers in 246 bytes (1 switches on core 0)

If I try to make request from the console:

http post https://hc.domain.com/integrations/add_discord/
HTTP/1.1 403 Forbidden
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 985
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Date: Mon, 13 Jan 2025 12:55:32 GMT
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="robots" content="NONE,NOARCHIVE">
  <title>403 Forbidden</title>
  <style>
    html * { padding:0; margin:0; }
    body * { padding:10px 20px; }
    body * * { padding:0; }
    body { font-family: sans-serif; background:#eee; color:#000; }
    body>div { border-bottom:1px solid #ddd; }
    h1 { font-weight:normal; margin-bottom:.4em; }
    h1 span { font-size:60%; color:#666; font-weight:normal; }
    #info { background:#f6f6f6; }
    #info ul { margin: 0.5em 4em; }
    #info p, #summary p { padding-top:10px; }
    #summary { background: #ffc; }
    #explanation { background:#eee; border-bottom: 0px none; }
  </style>
</head>
<body>
<div id="summary">
  <h1>Forbidden <span>(403)</span></h1>
  <p>CSRF verification failed. Request aborted.</p>

  <p>You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>
  <p>If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.</p>
  <p>If you are using the &lt;meta name=&quot;referrer&quot; content=&quot;no-referrer&quot;&gt; tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like &lt;a rel=&quot;noreferrer&quot; …&gt; for links to third-party sites.</p>


</div>

<div id="explanation">
  <p><small>More information is available with DEBUG=True.</small></p>
</div>

</body>
</html>

Any ideas how to fix this?

Originally created by @arrowcircle on GitHub (Jan 13, 2025). Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/1115 Hey! I am having issue setting up discord integration for my self-hosted instance (k8s). I created the app, and when I enter endpoint and click save I see this validation error: - `interactions_endpoint_url: The specified interactions endpoint url could not be verified.` The URL looks like: `https://hc.domain.com/integrations/add_discord/` Logs are ``` [pid: 10|app: 0|req: 70/283] 10.244.0.70 () {46 vars in 863 bytes} [Mon Jan 13 12:47:51 2025] POST /integrations/add_discord/ => generated 1852 bytes in 3 msecs (HTTP/1.1 403) 7 headers in 246 bytes (1 switches on core 0) [pid: 12|app: 0|req: 71/284] 10.244.0.70 () {46 vars in 863 bytes} [Mon Jan 13 12:47:51 2025] POST /integrations/add_discord/ => generated 1852 bytes in 3 msecs (HTTP/1.1 403) 7 headers in 246 bytes (1 switches on core 0) ``` If I try to make request from the console: ``` http post https://hc.domain.com/integrations/add_discord/ HTTP/1.1 403 Forbidden Connection: keep-alive Content-Encoding: gzip Content-Length: 985 Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Date: Mon, 13 Jan 2025 12:55:32 GMT Referrer-Policy: same-origin Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept-Encoding, Cookie X-Content-Type-Options: nosniff X-Frame-Options: DENY <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="NONE,NOARCHIVE"> <title>403 Forbidden</title> <style> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font-family: sans-serif; background:#eee; color:#000; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; margin-bottom:.4em; } h1 span { font-size:60%; color:#666; font-weight:normal; } #info { background:#f6f6f6; } #info ul { margin: 0.5em 4em; } #info p, #summary p { padding-top:10px; } #summary { background: #ffc; } #explanation { background:#eee; border-bottom: 0px none; } </style> </head> <body> <div id="summary"> <h1>Forbidden <span>(403)</span></h1> <p>CSRF verification failed. Request aborted.</p> <p>You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p> <p>If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.</p> <p>If you are using the <meta name="referrer" content="no-referrer"> tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like <a rel="noreferrer" …> for links to third-party sites.</p> </div> <div id="explanation"> <p><small>More information is available with DEBUG=True.</small></p> </div> </body> </html> ``` Any ideas how to fix this?

kerem closed this issue

2026-02-25 23:43:33 +03:00

kerem commented

2026-02-25 23:43:33 +03:00

Author

Owner

@arrowcircle commented on GitHub (Jan 13, 2025):

I was using wrong field to enter URL. It should be in oauth2 params.

@arrowcircle commented on GitHub (Jan 13, 2025): I was using wrong field to enter URL. It should be in oauth2 params.