Sanic access via SSL forbidden


#1

I’m switching from Flask to Sanic to develop and run Viber bot app.
When I try to set a webhook to a running Sanic server I get 403 forbidden response.
The environment is:

  • Ubuntu 18.04 LTS
  • Apache2 2.4.29
  • Python 3.6.6 (Anaconda distribution)
  • free SSL certificate by letsencrypt

Here is app.run from Flask:

if __name__ == '__main__':
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain('/etc/letsencrypt/live/example.com/fullchain.pem',
                        '/etc/letsencrypt/live/example.com/privkey.pem')
app.run(host='0.0.0.0', port=8000, threaded=True, debug=True, ssl_context=context)

It works just fine, but slow and I require async to handle multiple requests.

Here is Sanic app.run:

if __name__ == '__main__':
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
# context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain('/etc/letsencrypt/live/example.com/fullchain.pem',
                        keyfile='/etc/letsencrypt/live/example.com/privkey.pem')
app.run(host='0.0.0.0', port=8000, debug=True, ssl=context, access_log=True)

There are 2 ways to create SSL context, I tried both with the same result.
When I try to set a webhook to a Sanic server over https I get the following response:

2018-11-01 11:17:24,403 - asyncio - DEBUG - <uvloop.loop.SSLProtocol object at 0x7fae5d62e8d0> starts SSL handshake
2018-11-01 11:17:24,552 - asyncio - DEBUG - <uvloop.loop.SSLProtocol object at 0x7fae5d62e8d0>: SSL handshake took 148.0 ms
2018-11-01 11:17:24,695 - root - DEBUG - received request. post data: b’{“event”:“webhook”,“timestamp”:1541063843872,“message_token”:5238711145965442622}’
[2018-11-01 11:17:24 +0200] - (sanic.access)[INFO][52.0.253.226:57860]: POST https://example.com:8000/?sig=d57c2dc2a5070a2436ahdf432809258696e4ac02f383675154cb463 403 0

Read the docs but cannot figure out what causes the problem.
Any help will be much apprecaited.

UPDATE

Found the answer, it was my fault.


#2

Do you think you can add your solution?


#3

There is no solution, a simple mistake while refactoring from Flask to Sonic as they have different Request objects.