Home » Php » php – Heroku 403 Forbidden – Laravel 5

php – Heroku 403 Forbidden – Laravel 5

Posted by: admin February 25, 2020 Leave a comment


I have a Laravel 5.8 site


I deployed to Heorku to test with this script that I created

echo 'appName =' $appName

# heroku apps
# heroku apps:destroy appName --confirm appName
# ----------------------

echo web: vendor/bin/heroku-php-apache2 public/ > Procfile
git init
git status
git add -A
git commit -m "Initial commit"

heroku create $appName
heroku git:remote -a $appName
heroku buildpacks:set heroku/php
heroku config:set APP_KEY=9O7AegDFJhVC16jLfNNepT7TEQ7FyFZc

git push heroku master

heroku apps:info
heroku open
echo "done"

I kept getting



You don’t have permission to access this resource

Anything wrong in my script ?


    "name": "laravel/laravel",
    "type": "project",
    "description": "The Laravel Framework.",
    "keywords": [
    "license": "MIT",
    "require": {
        "php": "^7.1.3",
        "fideloper/proxy": "^4.0",
        "guzzlehttp/guzzle": "~6.0",
        "laravel/framework": "5.8.*",
        "laravel/tinker": "^1.0",
        "laravelcollective/html": "~5.0",
        "nesbot/carbon": "^2.19",
        "pusher/pusher-php-server": "^3.4"
    "require-dev": {
        "beyondcode/laravel-dump-server": "^1.0",
        "filp/whoops": "^2.0",
        "fzaninotto/faker": "^1.4",
        "mockery/mockery": "^1.0",
        "nunomaduro/collision": "^2.0",
        "phpunit/phpunit": "^7.5"
    "config": {
        "optimize-autoloader": true,
        "preferred-install": "dist",
        "sort-packages": true
    "extra": {
        "laravel": {
            "dont-discover": []
    "autoload": {
        "psr-4": {
            "App\": "app/"
        "classmap": [
    "autoload-dev": {
        "psr-4": {
            "Tests\": "tests/"
    "minimum-stability": "dev",
    "prefer-stable": true,
    "scripts": {
        "post-autoload-dump": [
            "@php artisan package:discover --ansi"
        "post-root-package-install": [
            "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
        "post-create-project-cmd": [
            "@php artisan key:generate --ansi"
        "post-install-cmd": [
            "php artisan clear-compiled",
            "chmod -R 777 public/"


Update 1

I checked the log, I saw this

Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive

Update 2

I have no idea why my composer.json in my dyno doesn’t seem to have my latest code. I SSHed in and check.

heroku ps:exec

Is this has something to do with my composer.lock ?

How to&Answers:

try this to solve your problem. add this in your composer.json

 "post-install-cmd": [
     "php artisan clear-compiled",
     "chmod -R 777 public/"


Probably You Pushed The Directories with wrong Permissions in your
remote git repository

  1. Goto Your local code
  2. Update the Permissions
  3. and push back the code
  4. take a pull from the Heroku app


I’ve tried http://boss-security-2.herokuapp.com/artisan and it shows the artisan sourcecode. (It should not)

I think you misconfigured the root folder.


You’ve said that your composer.json is not updated. Have you tried to commit and push all your changes?

git add -A && git commit -m 'update' && git push heroku master

Then try to SSH and list the contents

heroku ps:exec
pwd && ls -la && cat Procfile