FriendsOfFlarum / upload

The file upload extension with insane intelligence for your Flarum forum.
https://discuss.flarum.org/d/4154
MIT License

File download error - 404 #159

Closed jahangiramin closed 3 years ago

jahangiramin commented 5 years ago

File uploads successfully and I can confirm it exists in the Assets folder. However, when I try to download the file, it gives the following error:

{"errors":[{"status":"404","code":"resource_not_found"}]}

Download permissions already set to General public. Link to an example: http://letsdoca.com/d/1-test/4

luceos commented 5 years ago

Can you post the settings screen for upload from your admin area?

jahangiramin commented 5 years ago

Here are the screenshots of the complete settings screen:

image

image

image

matuscak commented 5 years ago

I just did a fresh install of Flarum + flagrow/upload extension and I see the same behaviour. I did some investigation and found the following:

  1. When I disable hotlink protection in config, downloads work. So it seems that hotlink protection is failing for some reason.

  2. When I look at the flagrow_files table in the database, I see the discussion_id and post_id fields set to NULL. Is this expected, or is this the root of the problem?

jahangiramin commented 5 years ago

Disabling hotlinks protection and then trying to download the file gives the following error:

{"errors":[{"code":500,"title":"Internal server error"}]}

jahangiramin commented 5 years ago

Update:

Disabled hotlinks. Checked flarum.log and the error appeared as "406 Not Acceptable". Disabled mod_security for my domain and now download works, so this was related to server permission. Can anyone confirm if disabling mod_security is a good idea?

matuscak commented 5 years ago

@jahangiramin I'm using Nginx, not Apache, so I do not have any mod_security. But I think that those will be two independent issues.

If you re-enable the hotlink protection (with mod_security disabled), do downloads stop working again or not?

jahangiramin commented 5 years ago

If I disable the hotlinks (with mod_security disabled), it gives the same 404 error:

{"errors":[{"status":"404","code":"resource_not_found"}]}

petrkazda commented 5 years ago

I am on nginx behind the reverse proxy, 404 when trying to download, 500 when hotlinks disabled. Seems that nothing related is in the logfiles...

petrkazda commented 5 years ago

Just an update to my previous post. I checked the SSL certificates and they were for the wrong domain. After fixing that and disabling hotlinking protection it started to work. The hotlinking protection still gives 404.

benat commented 5 years ago

@petrkazda Same thing for me: I had nginx with a self-signed certificate and downloads didn't work. They work now, after installing a free certificate provided by Let's Encrypt and disabling hotlink protection.

scipe commented 5 years ago

Hi guys. Little fix for that is:

You need to disable the hotlink and logging.

After that it started working for me.

pluveto commented 4 years ago

Same problem.

I've disabled hotlink and it comes to be

{"errors":[{"status":"500","code":"unknown"}]}

pluveto commented 4 years ago

And I reviewed the Apache error log, but no error is there

clarkwinkelmann commented 4 years ago

Wow that's an old issue. I've not encountered it in my testing, but it seems like some of you continue to see it.

Everyone with a 500 error, maybe you can find details in the Apache error logs?

Unfortunately unless we can find a good way of reproducing it, the only solution will be to disable hotlinking protection.

akizor commented 4 years ago

Same issue, but logs show some issues with authorizing. However, I'm logged in when trying to download.

[2020-03-16 20:36:07] production.ERROR: FoF\Upload\Exceptions\InvalidDownloadException: Client error: `GET https://subdomain.domain.comm/assets/files/2020-03-16/1584390960-100199-2000x2000.pdf` resulted in a `401 Unauthorized` response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>401 Authorization Required</TITLE>
<BASE href="/ (truncated...)
 in /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/fof/upload/src/Downloader/DefaultDownloader.php:49
Stack trace:
#0 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/fof/upload/src/Commands/DownloadHandler.php(82): FoF\Upload\Downloader\DefaultDownloader->download()
#1 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/bus/Dispatcher.php(90): FoF\Upload\Commands\DownloadHandler->handle()
#2 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}()
#3 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/pipeline/Pipeline.php(104): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#4 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/bus/Dispatcher.php(98): Illuminate\Pipeline\Pipeline->then()
#5 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/illuminate/bus/Dispatcher.php(76): Illuminate\Bus\Dispatcher->dispatchNow()
#6 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/fof/upload/src/Api/Controllers/DownloadController.php(64): Illuminate\Bus\Dispatcher->dispatch()
#7 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): FoF\Upload\Api\Controllers\DownloadController->handle()
#8 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}()
#9 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\DispatchRoute->process()
#10 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Laminas\Stratigility\Next->handle()
#11 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\SetLocale->process()
#12 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(23): Laminas\Stratigility\Next->handle()
#13 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\CheckCsrfToken->process()
#14 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Laminas\Stratigility\Next->handle()
#15 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\AuthenticateWithHeader->process()
#16 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Laminas\Stratigility\Next->handle()
#17 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\AuthenticateWithSession->process()
#18 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Laminas\Stratigility\Next->handle()
#19 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\RememberFromCookie->process()
#20 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Laminas\Stratigility\Next->handle()
#21 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\StartSession->process()
#22 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Laminas\Stratigility\Next->handle()
#23 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Api\Middleware\FakeHttpMethods->process()
#24 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Laminas\Stratigility\Next->handle()
#25 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\ParseJsonBody->process()
#26 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Laminas\Stratigility\Next->handle()
#27 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Flarum\Http\Middleware\HandleErrors->process()
#28 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(84): Laminas\Stratigility\Next->handle()
#29 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/middlewares/request-handler/src/RequestHandler.php(84): Laminas\Stratigility\MiddlewarePipe->process()
#30 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Middlewares\RequestHandler->process()
#31 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Laminas\Stratigility\Next->handle()
#32 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Middlewares\BasePathRouter->process()
#33 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Middleware/OriginalMessages.php(42): Laminas\Stratigility\Next->handle()
#34 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Laminas\Stratigility\Middleware\OriginalMessages->process()
#35 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/middlewares/base-path/src/BasePath.php(53): Laminas\Stratigility\Next->handle()
#36 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/Next.php(61): Middlewares\BasePath->process()
#37 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(84): Laminas\Stratigility\Next->handle()
#38 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(73): Laminas\Stratigility\MiddlewarePipe->process()
#39 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/laminas/laminas-httphandlerrunner/src/RequestHandlerRunner.php(96): Laminas\Stratigility\MiddlewarePipe->handle()
#40 /var/www/vhosts/domain.comm/subdomain.domain.comm/vendor/flarum/core/src/Http/Server.php(42): Laminas\HttpHandlerRunner\RequestHandlerRunner->run()
#41 /var/www/vhosts/domain.comm/subdomain.domain.comm/public/index.php(26): Flarum\Http\Server->listen()
#42 {main}  
Flarum core 0.1.0-beta.12
PHP version: 7.3.11
Loaded extensions: Core, phpdbg_webhelper, date, libxml, openssl, pcre, sqlite3, zlib, bcmath, bz2, calendar, ctype, curl, dba, dom, hash, fileinfo, filter, ftp, gd, gettext, gmp, SPL, iconv, intl, json, ldap, mbstring, session, standard, odbc, pcntl, mysqlnd, PDO, pdo_dblib, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, readline, Reflection, mysqli, shmop, SimpleXML, soap, sockets, sodium, exif, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, wddx, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache
+----------------------+----------------+--------+
| Flarum Extensions    |                |        |
+----------------------+----------------+--------+
| ID                   | Version        | Commit |
+----------------------+----------------+--------+
| flarum-approval      | v0.1.0-beta.12 |        |
| flarum-bbcode        | v0.1.0-beta.12 |        |
| flarum-emoji         | v0.1.0-beta.12 |        |
| flarum-lang-english  | v0.1.0-beta.12 |        |
| flarum-flags         | v0.1.0-beta.12 |        |
| flarum-likes         | v0.1.0-beta.12 |        |
| flarum-lock          | v0.1.0-beta.12 |        |
| flarum-markdown      | v0.1.0-beta.12 |        |
| flarum-mentions      | v0.1.0-beta.12 |        |
| flarum-statistics    | v0.1.0-beta.12 |        |
| flarum-sticky        | v0.1.0-beta.12 |        |
| flarum-subscriptions | v0.1.0-beta.12 |        |
| flarum-suspend       | v0.1.0-beta.12 |        |
| flarum-tags          | v0.1.0-beta.12 |        |
| fof-byobu            | 0.4.1          |        |
| fof-upload           | 0.8.3          |        |
+----------------------+----------------+--------+

Response when downloading

{"errors":[{"status":"500","code":"unknown"}]}

clarkwinkelmann commented 4 years ago

@akizor check whether your webserver has IP whitelisting. Make sure the website can be accessed by the server itself (likely from 127.0.0.1). The 401 error is thrown by the webserver when Flarum tries to make a request to itself internally.

akizor commented 4 years ago

@clarkwinkelmann You are right, I do have a security layer that prevents that. It's not a firewall, but the basic htaccess with htpasswd protection. In this case, can I force a file access directly and not through controller?

clarkwinkelmann commented 4 years ago

@akizor it's been designed that way to simplify the codebase across all drivers.

Are you able to add an exception for 127.0.0.1 to the htpasswd protection?

akizor commented 4 years ago

@clarkwinkelmann You are the man. I have added the IP whitelist exception and it worked, however by whitelisting the server's IP, not just 127.0.0.1.
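
The exception discussed in the last four comments, as an added example (not configuration posted in this thread or taken from the FoF Upload project): an `.htaccess` basic-auth block that lets the server's own requests through while everyone else still needs a password. It assumes Apache 2.4 authorization syntax; the realm name, the `AuthUserFile` path and the address 203.0.113.10 are placeholders.

```apache
# .htaccess in the forum's document root (added example, placeholder values).

AuthType Basic
AuthName "Restricted forum"
# Placeholder path: keep the password file outside the web root.
AuthUserFile /path/to/.htpasswd

# Before: every request needs credentials, including the GET that the
# upload extension's downloader sends to the forum's own /assets/files/ URL.
# That internal request is answered with 401, as seen in flarum.log above.
#   Require valid-user

# After: a request passes if ANY one of these matches.
<RequireAny>
    # Loopback, for setups where the forum hostname resolves locally.
    Require ip 127.0.0.1 ::1
    # The server's own public address (placeholder from the documentation
    # range). Needed when the forum hostname resolves to the public IP, so
    # the internal request does not arrive from loopback.
    Require ip 203.0.113.10
    # Everyone else still authenticates.
    Require valid-user
</RequireAny>
```

If Apache sits behind a reverse proxy on the same host, every visitor may appear to come from 127.0.0.1 or the proxy's address, in which case these `Require ip` lines would let all traffic skip the password. Check which client address Apache logs for ordinary visitors before adding them.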

imorland commented 3 years ago

Closing as stale. Please feel free to re-open if necessary.