Closed jahangiramin closed 3 years ago
Can you post the settings screen for upload from your admin area?
Here are the screen shots of the complete settings screen
I just did a fresh install of flarum + flagrow/upload extension and I see the same behaviour. I did some investigation and found following:
When I disable hotlink protection in config, downloads work. So it seems that hotlink protection is failing for some reason.
When I look to the flagrow_files table in the database I see the discussion_id and post_id fields set to NULL. Is this expected or this is the root of the problem?
Disabling hotlinks protection and then trying to download the file gives the following error:
{"errors":[{"code":500,"title":"Internal server error"}]}
Update:
Disabled hotlinks Checked flarum.log and the error appeared as "406 Not Acceptable" Disable mod_security for my domain and now download works, so this was related to server permission. Can anyone confirm if disabling mod_security is a good idea?
@jahangiramin I'm using Nginx, not Apache, so I do not have any mod_security. But I think that those will be two independent issues.
If you re-enable the hotlink protection (with mod_security disabled) downloads stop working again or not?
if i disable the hotlinks (with mod_security disabled), it gives the same 404 error:
{"errors":[{"status":"404","code":"resource_not_found"}]}
I am on nginx behind the reverse proxy, 404 when trying to download, 500 when hotlinks disabled. Seems that nothing related is in the logfiles...
Just update to my previous post. I checked the SSL certificates and they were for wrong domain. After fixing that and disabling hotlinking protection it started to work. The hotlinking protection still gives 404.
@petrkazda Same thing for me: I had nginx with a self-signed certificate and downloads didn't work. They work now, after installing a free certificate provided by Let's Encrypt and disabling hotlink protection.
Hi guys. Little fix for that is:
You need to disable the hotlinl and logging.
And after it start working for me.
Same problem.
I've disabled hotlink and it comes to be
{"errors":[{"status":"500","code":"unknown"}]}
And I reviewed apache error log, but no error is there
Wow that's an old issue. I've not encountered it in my testing, but it seems like some of you continue to see it.
Everyone with a 500 error, maybe you can find details in the apache error logs ?
Unfortunately unless we can find a good way of reproducing it, the only solution will be to disable hotlinking protection.
Same issue, but logs show some issues with authorizing. However, i'm logged in when trying to download.
[2020-03-16 20:36:07] production.ERROR: FoF\Upload\Exceptions\InvalidDownloadException: Client error: `GET https://subdomain.domain.comm/assets/files/2020-03-16/1584390960-100199-2000x2000.pdf` resulted in a `401 Unauthorized` response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>401 Authorization Required</TITLE>
<BASE href="/ (truncated...)
in /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/fof/upload/src/Downloader/DefaultDownloader.php:49
Stack trace:
#0 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/fof/upload/src/Commands/DownloadHandler.php(82): FoF\Upload\Downloader\DefaultDownloader->download()
#1 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/bus/Dispatcher.php(90): FoF\Upload\Commands\DownloadHandler->handle()
#2 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}()
#3 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/pipeline/Pipeline.php(104): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#4 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/bus/Dispatcher.php(98): Illuminate\Pipeline\Pipeline->then()
#5 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/bus/Dispatcher.php(76): Illuminate\Bus\Dispatcher->dispatchNow()
#6 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/fof/upload/src/Api/Controllers/DownloadController.php(64): Illuminate\Bus\Dispatcher->dispatch()
#7 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): FoF\Upload\Api\Controllers\DownloadController->handle()
#8 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}()
#9 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\DispatchRoute->process()
#10 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Laminas\Stratigility\Next->handle()
#11 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\SetLocale->process()
#12 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(23): Laminas\Stratigility\Next->handle()
#13 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\CheckCsrfToken->process()
#14 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Laminas\Stratigility\Next->handle()
#15 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\AuthenticateWithHeader->process()
#16 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Laminas\Stratigility\Next->handle()
#17 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\AuthenticateWithSession->process()
#18 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Laminas\Stratigility\Next->handle()
#19 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\RememberFromCookie->process()
#20 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Laminas\Stratigility\Next->handle()
#21 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\StartSession->process()
#22 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Laminas\Stratigility\Next->handle()
#23 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Api\Middleware\FakeHttpMethods->process()
#24 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Laminas\Stratigility\Next->handle()
#25 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\ParseJsonBody->process()
#26 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Laminas\Stratigility\Next->handle()
#27 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\HandleErrors->process()
#28 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(84): Laminas\Stratigility\Next->handle()
#29 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/middlewares/request-handler/src/RequestHandler.php(84): Laminas\Stratigility\MiddlewarePipe->process()
#30 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Middlewares\RequestHandler->process()
#31 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Laminas\Stratigility\Next->handle()
#32 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Middlewares\BasePathRouter->process()
#33 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Middleware/OriginalMessages.php(42): Laminas\Stratigility\Next->handle()
#34 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Laminas\Stratigility\Middleware\OriginalMessages->process()
#35 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/middlewares/base-path/src/BasePath.php(53): Laminas\Stratigility\Next->handle()
#36 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Middlewares\BasePath->process()
#37 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(84): Laminas\Stratigility\Next->handle()
#38 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(73): Laminas\Stratigility\MiddlewarePipe->process()
#39 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-httphandlerrunner/src/RequestHandlerRunner.php(96): Laminas\Stratigility\MiddlewarePipe->handle()
#40 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Server.php(42): Laminas\HttpHandlerRunner\RequestHandlerRunner->run()
#41 /var/www/vhosts/domain.comm/subdomain.domain.comm/public/index.php(26): Flarum\Http\Server->listen()
#42 {main}
Flarum core 0.1.0-beta.12
PHP version: 7.3.11
Loaded extensions: Core, phpdbg_webhelper, date, libxml, openssl, pcre, sqlite3, zlib, bcmath, bz2, calendar, ctype, curl, dba, dom, hash, fileinfo, filter, ftp, gd, gettext, gmp, SPL, iconv, intl, json, ldap, mbstring, session, standard, odbc, pcntl, mysqlnd, PDO, pdo_dblib, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, readline, Reflection, mysqli, shmop, SimpleXML, soap, sockets, sodium, exif, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, wddx, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache
+----------------------+----------------+--------+
| Flarum Extensions | | |
+----------------------+----------------+--------+
| ID | Version | Commit |
+----------------------+----------------+--------+
| flarum-approval | v0.1.0-beta.12 | |
| flarum-bbcode | v0.1.0-beta.12 | |
| flarum-emoji | v0.1.0-beta.12 | |
| flarum-lang-english | v0.1.0-beta.12 | |
| flarum-flags | v0.1.0-beta.12 | |
| flarum-likes | v0.1.0-beta.12 | |
| flarum-lock | v0.1.0-beta.12 | |
| flarum-markdown | v0.1.0-beta.12 | |
| flarum-mentions | v0.1.0-beta.12 | |
| flarum-statistics | v0.1.0-beta.12 | |
| flarum-sticky | v0.1.0-beta.12 | |
| flarum-subscriptions | v0.1.0-beta.12 | |
| flarum-suspend | v0.1.0-beta.12 | |
| flarum-tags | v0.1.0-beta.12 | |
| fof-byobu | 0.4.1 | |
| fof-upload | 0.8.3 | |
+----------------------+----------------+--------+
Response when downloading
{"errors":[{"status":"500","code":"unknown"}]}
@akizor check whether your webserver has IP whitelisting. Make sure the website can be accessed by the server itself (likely from 127.0.0.1). The 401 error is thrown by the webserver when Flarum tries to make a request to itself internally.
@clarkwinkelmann You are right, i do have a security layer that prevents that. It's not firewall, but the basic htaccess with htpasswd protection. In this case, can I force a file access directly and not through controller?
@akizor it's been designed that way to simplify the codebase across all drivers.
Are you able to add an exception for 127.0.0.1
to the htpasswd protection ?
@clarkwinkelmann You are the man. I have added the IP whitelist exception and it worked, however by whitelisting the server's IP, not just 127.0.0.1.
Closing as stale. Please feel free to re-open if neccessary
, File uploads successfully and i can confirm it exists in Assets folder. However, when i try to download the file, it gives the following error:
{"errors":[{"status":"404","code":"resource_not_found"}]}
Download permissions already set to General public. Link to an example: http://letsdoca.com/d/1-test/4