GitHub API: Forbidden, when viewing coverage report for PR


In a recent PR that enables Codecov on the Node.js project for C++/Windows coverage, two reviewers indicated that they were having trouble viewing reports, receiving the message “GitHub API: Forbidden”:



GitHub Actions


Codecov GitHub Action

Commit SHAs

The authorization issue is happening for the following link:

Codecov YAML

Codecov Output

There were no issues with uploading:

==> GitHub Actions detected.
    project root: .
    Yaml found at: codecov.yml
==> Running gcov in . (disable via -X gcov)
==> Python coveragepy not found
==> Searching for coverage reports in:
    + ./coverage
    -> Found 2 reports
==> Detecting git/mercurial file structure
==> Reading reports
    + ./coverage/cobertura-coverage.xml bytes=5426882
    + ./coverage/coverage-cxx.xml bytes=2873192
==> Appending adjustments
    + Found adjustments
==> Gzipping contents
==> Uploading reports
    query: branch=windows-coverage-action&commit=3a6e93f0431de647bae0f953d0f6a2867c0a291a&build=318011589&,n,F
->  Pinging Codecov,n,F
->  Uploading to
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 1168k    0     0  100 1168k      0  4297k --:--:-- --:--:-- --:--:-- 4297k
    -> View reports at

Additional Information

It seems like the error is somewhat intermittent:

  • When I opened the URL shared in this bug report at the beginning of writing this up, in an incognito window, I received a 404 forbidden error.
  • As I finish writing up this bug report, I seem to no longer be receiving an error.

Hi @bcoe, thanks for opening the ticket. Do you know the GitHub usernames of those users?

mhdawson@ and targos@ were both having issues, I’ve bumped into it periodically myself; it seems like it’s potentially related to the data not yet being cached (just to speculate.)

@bcoe this looks to be an issue with our integration with GitHub.

I would recommend that they

  1. Clear Codecov cookies and logout
  2. Remove Codecov access on GitHub here
  3. Log back into Codecov and access that page (note they will need to reauthorize Codecov when logging in).

Let me know if that works!

I’m running into the same problem. In my normal browser window where I’m logged into GitHub and Codecov, I can see the pages linked in the Codecov comment in a pull request. If I use a private browser window and paste the links in, I run into the 403 Forbidden error.

@tom any clues? Is this the expected behavior? As in, is it a requirement to log in to Codecov before viewing any some of the reports?

@rafmudaf this should not be happening, but there is an active bug report out for this. I’ll make sure to continue pushing the product team on this.