Last night I was working through a Laravel production 403 error that didn’t exist in my dev setup.
It occurred during the user authorisation for edit and deletion functions.

I thought one hurdle was getting the website to not add /public to the URL.
Although I fixed this via a change to .htaccess, the error didn’t go away.
I searched a lot and was presented with the same solutions every time:
check file/folder permissions, clear caches, modify access via nginx, Apache, or .htaccess.
None of them fixed it for me.

Turns out that the way I tested for authorised access to my edit and
delete functions was a little too type-aware in production…
and not so much in development.

So this failed in production when it shouldn't have:

    if ($obj->user_id !== auth()->id()) {
        abort(403, 'Unauthorized');
    }


But this worked:


    if ($obj->user_id != auth()->id()) {
        abort(403, 'Unauthorized');
    }


Note the difference between !== and != (strict versus loose comparison).

This made me think that a small difference in the handling
and/or comparison of the return values between the production
and dev environments made a big difference to the outcome.
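A small standalone PHP script, added here as an example and not code from the original post, that reproduces the behaviour with constructed values (a commonly seen cause is that one database driver configuration returns integer columns as PHP strings while another returns ints) and shows an ownership check that does not depend on the driver's return type. The helper name isOwner() is hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for $obj in the post: one driver
// setup hands back the id as a string, another as an int.
$rowFromProd = ['user_id' => '7'];
$rowFromDev  = ['user_id' => 7];
$authId      = 7; // what auth()->id() would return for the logged-in owner

// The strict check from the post: denies whenever the PHP types differ,
// even though both values represent the same user id.
function strictCheckDenies(array $row, $authId): bool
{
    return $row['user_id'] !== $authId;
}

// The loose check from the post: ignores the type, but inherits PHP's
// loose-equality rules (null == 0 is true), so a guest with a null id
// compared against a record whose user_id is 0 is not denied.
function looseCheckDenies(array $row, $authId): bool
{
    return $row['user_id'] != $authId;
}

// Hardened variant (hypothetical helper): refuse when either side is
// missing, then compare both ids as integers so the driver's return
// type no longer decides the outcome.
function isOwner($ownerId, $authId): bool
{
    if ($ownerId === null || $authId === null) {
        return false;
    }
    return (int) $ownerId === (int) $authId;
}

// Strict: the prod-style row is denied, the dev-style row is allowed.
var_dump(strictCheckDenies($rowFromProd, $authId));
var_dump(strictCheckDenies($rowFromDev, $authId));
// Loose: both rows allowed, but so is a guest against user_id 0.
var_dump(looseCheckDenies($rowFromProd, $authId));
var_dump(looseCheckDenies(['user_id' => 0], null));
// Hardened: owner allowed regardless of type, guest always refused.
var_dump(isOwner('7', 7));
var_dump(isOwner(0, null));
```

Wiring the hardened check into the original code would read abort_unless(isOwner($obj->user_id, auth()->id()), 403, 'Unauthorized'); keeping the route behind the auth middleware still matters, since the helper only closes the type mismatch.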

I put it on a list for further investigation but have many more
important steps to do on the project first.

But I thought it worth mentioning somewhere.