We are a web application development company and some or our applications based on Laravel. We were running a web application on chrome but I got Error 406 – Not Acceptable, in the Console. In this blog, I share my experience how I ended up fixing it.
The application is based on Laravel and Vue.js framework on front end. I got this error during some requests from front-end. The content of this error was, “Generally a 406 error is caused because of a request has been blocked by Mod Security. If you believe that your request has been blocked by mistake please contact the website owner.” This error could be displayed on Chrome Console or on Network tab.
My application is hosted by inmotionhosting. I believe inmotion has disabled some of requests (other than POST and GET requests) so this error is raised. Your hosting can turn off Mod Security on your hosting to fix this issue; however, your website might get more vulnerable, for example it might cause unauthorized changes to your site. A better solution would be not to use requests that are not blocked by your hosting, or you could get a virtual server!
As I know, shared hostings cannot turn Mod security off for only part of your website or some directories. They need to disable for the whole hosting account. To do this, you could directly contact your hosting and just ask to turn Mod Security off. On shared hosting, website owners usually don’t have access to manage Mod Security, so it’d be better to contact them.
UPDATE: I found out on inmotion hosting blog that “the PUT and DELETE functions are not enabled on shared server due to the security flaws involved with these functions.” Well! This would be frustrating while developing a web application.
I included screenshot of my application displaying Error 406 at Console.