Following the suggestion here I ran documentserver-update-securelink.sh with the “secret” as the only argument and this resulted in the local.json being updated as follows (again I have omitted the RabbitMQ, PostgreSQL and storage sections):
{
"services": {
"CoAuthoring": {
"secret": {
"browser": {
"header": "Authorization",
"string": "secret"
},
"inbox": {
"header": "Authorization",
"string": "secret"
},
"outbox": {
"header": "Authorization",
"string": "secret"
}
},
"token": {
"enable": {
"browser": true,
"request": {
"inbox": true,
"outbox": true
}
}
}
}
}
}
Personally I find JSON hard to read, so converting it into YAML, these are the updated setting that fixed the 403 Forbidden error:
services:
CoAuthoring:
secret:
browser:
header: Authorization
string: secret
inbox:
header: Authorization
string: secret
outbox:
header: Authorization
string: secret
token:
enable:
browser: true
request:
inbox: true
outbox: true
And this is what I had prior:
services:
CoAuthoring:
token:
enable:
request:
inbox: true
outbox: true
browser: true
inbox:
header: Authorization
outbox:
header: Authorization
secret:
inbox:
string: secret
outbox:
string: secret
session:
string: secret