Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

403 forbidden

more options

My TIFF (Toronto International Film Festival) membership would not load I got 403 forbidden when I click on the account manager locked. I emailed them and they said the account was active. I think tried again from a Chrome browser and had no issues was able to log in . Back on Mozilla Firefox however I am blocked.

Is there a fix or do I need to migrate all my browsing to Chrome ? [email removed from public]

Modified by James

All Replies (3)

more options

The 403 error isn't very explanatory, is it... but let me take a wild guess: this page is displayed because the server didn't receive your cookie showing you are logged in, and therefore you aren't allowed to see that page.

Firefox 96 made three changes related to cookies. I don't think we know enough to guess which change is affecting that site, so I'll provide information on all three changes.

(1) If the server does not specify the SameSite setting for its cookies, Firefox changed from treating it as SameSite=None (allow serving as a third party cookie) to SameSite=Lax (partially restricts serving as a third party cookie).

This seems to be the one that affects Canvas/Kaltura users. However, it turns out to be difficult to find the relevant host names so that you can set an exception for those sites.

It also seems to affect iCloud two-factor authentication. See:

(2) If the cookie was set on an HTTPS page, it is not automatically passed to HTTP pages on the same server. In other words, SameSite consider the protocol (scheme) as well as the host name. This is a problem for older sites that use HTTP for most pages but do the login over HTTPS. Example:

(3) If the server specifies that third party cookies are okay by setting SameSite=None, this is only honored for HTTPS pages, not HTTP pages. I don't know whether this is causing problems on any sites.

How to test whether this is issue #1:

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.

(B) In the search box in the page, type or paste laxByDefault and pause while the list is filtered

(C) Double-click the network.cookie.sameSite.laxByDefault preference to switch the value from true to false

I don't know whether that takes effect immediately or whether you need to quit Firefox and start it up again.

Hopefully we will get a better understanding of how to set exceptions in the future so you can benefit from this change while using other sites.


more options

I am sorry to say your reply is not suited to a used to work now it doesn't on my Firefox browser...I need a way to fix that issue not about:config that has over 1000 lines of who knows what to scroll through


more options

You don't need to scroll if you follow step (B). Only two preferences match that filter.


Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.