
Software: OpenProject, Gogs (internal GitHub clone)

Description: I send a push notification from Gogs to openproject/webhooks/github and get a 403 with an empty body.

Redacted information: apikey=42, "user.user", "user.user.com"

Send Headers:

Request URL: http://192.168.100.100/openproject/webhooks/github?apikey=42
Request method: POST
Content-Type: application/json
X-Github-Delivery: 92b7ff07-79b4-4334-b0b5-59122bedc9e7
X-Github-Event: pull_request
X-Gogs-Delivery: 92b7ff07-79b4-4334-b0b5-59122bedc9e7
X-Gogs-Event: pull_request
X-Gogs-Signature:

Send Body: { "action": "opened", "number": 4, "pull_request": { "id": 8, "number": 4, "user": { "id": 1, "username": "user.user", "login": "user.user", "full_name": "", "email": "user@user.com", "avatar_url": "http://192.168.100.100:3000/avatars/1" }, "title": "OP#48", "body": "[#48] [MFK5] [FuSa] [X120] SAF-4.2 :: SDD update\r\n\r\nhttp://192.168.100.100/openproject/work_packages/48\r\n", "labels": [], "milestone": null, "assignee": null, "state": "open", "comments": 0, "head_branch": "task/48-mfk5-fusa-x120-saf-42-sdd-update", "head_repo": { "id": 5, "owner": { "id": 13, "username": "DevTeam", "login": "DevTeam", "full_name": "", "email": "", "avatar_url": "http://192.168.100.100:3000/avatars/13" }, "name": "testpublic", "full_name": "DevTeam/testpublic", "description": "", "private": false, "fork": false, "parent": null, "empty": false, "mirror": false, "size": 49152, "html_url": "http://192.168.100.100:3000/DevTeam/testpublic", "ssh_url": "git@localhost:DevTeam/testpublic.git", "clone_url": "http://192.168.100.100:3000/DevTeam/testpublic.git", "website": "", "stars_count": 0, "forks_count": 0, "watchers_count": 4, "open_issues_count": 0, "default_branch": "master", "created_at": "2022-12-21T16:42:20+01:00", "updated_at": "2023-01-25T12:00:47+01:00" }, "base_branch": "master", "base_repo": { "id": 5, "owner": { "id": 13, "username": "DevTeam", "login": "DevTeam", "full_name": "", "email": "", "avatar_url": "http://192.168.100.100:3000/avatars/13" }, "name": "testpublic", "full_name": "DevTeam/testpublic", "description": "", "private": false, "fork": false, "parent": null, "empty": false, "mirror": false, "size": 49152, "html_url": "http://192.168.100.100:3000/DevTeam/testpublic", "ssh_url": "git@localhost:DevTeam/testpublic.git", "clone_url": "http://192.168.100.100:3000/DevTeam/testpublic.git", "website": "", "stars_count": 0, "forks_count": 0, "watchers_count": 4, "open_issues_count": 0, "default_branch": "master", "created_at": "2022-12-21T16:42:20+01:00", 
"updated_at": "2023-01-25T12:00:47+01:00" }, "html_url": "http://192.168.100.100:3000/DevTeam/testpublic/pulls/4", "mergeable": true, "merged": false, "merged_at": null, "merge_commit_sha": null, "merged_by": null }, "repository": { "id": 5, "owner": { "id": 13, "username": "DevTeam", "login": "DevTeam", "full_name": "", "email": "", "avatar_url": "http://192.168.100.100:3000/avatars/13" }, "name": "testpublic", "full_name": "DevTeam/testpublic", "description": "", "private": false, "fork": false, "parent": null, "empty": false, "mirror": false, "size": 49152, "html_url": "http://192.168.100.100:3000/DevTeam/testpublic", "ssh_url": "git@localhost:DevTeam/testpublic.git", "clone_url": "http://192.168.100.100:3000/DevTeam/testpublic.git", "website": "", "stars_count": 0, "forks_count": 0, "watchers_count": 4, "open_issues_count": 0, "default_branch": "master", "created_at": "2022-12-21T16:42:20+01:00", "updated_at": "2023-01-25T12:00:47+01:00" }, "sender": { "id": 1, "username": "user.user", "login": "user.user", "full_name": "", "email": "user@user.com", "avatar_url": "http://192.168.100.100:3000/avatars/1" } }

Response Headers: "403"

Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'self'; base-uri 'self'; connect-src 'self' https://augur.openproject.com; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://releases.openproject.com/v1/check.svg; img-src * data: blob:; media-src 'self'; object-src https://releases.openproject.com/v1/check.svg; script-src 'self'; style-src 'self' 'unsafe-inline'
Content-Type: text/html
Date: Wed, 25 Jan 2023 11:02:22 GMT
Referrer-Policy: origin-when-cross-origin
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: _open_project_session=c989eaa3af4d5d6b19c75b52899fa9ae; path=/openproject; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: f1905295-06d6-4770-b046-2fd51147fadf
X-Runtime: 0.008078
X-Xss-Protection: 1; mode=block

Response Body:

The API key is valid; I tested it on the API section using Postman. I can understand that some settings in Gogs can be an issue, like: X-Gogs-Delivery, X-Gogs-Event, X-Gogs-Signature.

But I have no return information to proceed.
