chatbox and recaptcha

[gondimcodes]

Issue Type

• [X] Question

End User Info

-- UNIT3D Version: 1.9.1

-- Laravel Version: 5.8.3

-- PHP Version: 7.2.15

-- Database Driver & Version: Mariadb 10.2.22

-- Web Server Driver & Version: nginx 1.10.3

-- OS Driver and Version: Debian 9

Expected Behavior:

A doubt. After upgrading from 1.9 to 1.9.1, I noticed two things stopped: my chabox is no longer showing users online and recaptcha has stopped working.

supervisorctl

unit3d-queue:unit3d-queue_00 RUNNING pid 1655, uptime 0:08:28 unit3d-queue:unit3d-queue_01 RUNNING pid 1654, uptime 0:08:28 unit3d-socket-io:unit3d-socket-io_00 RUNNING pid 1653, uptime 0:08:28 supervisor>

Can you help me? Can I have done something wrong or did not do something necessary in the upgrade? Except for these 2 problems, everything else seems to be working perfectly. :)

Actual Behavior:

Steps To Reproduce The Problem:

1. 2. 3.

Possible Fix:

[HDVinnie]

Next time read the Release notes. https://github.com/HDInnovations/UNIT3D/releases/tag/v1.9.1

Your answers are there. Also in future the more info the better. Like did you manually update or use updater? What doesnt work about recaptcha? Img or error might help....

[gondimcodes]

But I read and did everything that is there. :) The recaptcha stopped appearing. Neither error shows.

[HDVinnie]

Again. What doesnt work about recaptcha? Img or error might help.... Check browser console for errors on chat page and login page.

[gondimcodes]

I changed the .env file and the secure-headers.php file by swapping unit3d.org for my domain and even then the chatbox does not show users online. I think it might be something else.

recaptcha: https://i.imgur.com/hqEqEGj.png

[HDVinnie]

From sounds/looks of it you didn't use the updater tool and instead manually upgraded and messed something up. This is not a issue with UNIT3D. v1.9.1 was tested on two dev servers and locally before being released. (Also live on demo site). Also others have upgraded no issues. If your not going to use our updater tool and instead manually then this is your issue. We do not offer support on custom instances of UNIT3D. That is NOT what this issue tracker is for. If you need additional help I suggest you either do a full compare of your files vs UNIT3D master or become a patron and seek support in our discord server.

I can see right off bat your using a different recaptcha url then UNIT3Ds default which is why its being block as its not whitelisted in CSP. Default is https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js and yours is pt_br version.

Good Luck.

[gondimcodes]

The only tool I use to update is this:

php artisan git:update

I'm going back to version 1.9 that was OK. Thank you! Maybe someone discovers the problem and fixes it up there and I update again.

[HDVinnie]

I already told you your issues and how to fix recaptcha. Your not using UNIT3D recaptcha dependency default. Proof?

config/secure-headers.php Set 'custom-csp' => null, to 'custom-csp' => '', and see if it starts working again.

[HDVinnie]

You also have yet to provide console errors for chat so cannot help you there.

[gondimcodes]

Now everything worked, chatbox and recaptcha. But I've never altered this file. I just changed it now in version 1.9.1 following the link https://github.com/HDInnovations/UNIT3D/releases/tag/v1.9.1

Somewhere you put this information?

config / secure-headers.php Set 'custom-csp' => null, to 'custom-csp' => '', and see if it starts working again.

Because I did not find it at https://github.com/HDInnovations/UNIT3D/releases/tag/v1.9.1

But thank you because everything is now perfect. :)

[gondimcodes]

You also have yet to provide console errors for chat so cannot help you there.

After I did this the chatbox came back up and running:

config/secure-headers.php Set 'custom-csp' => null, to 'custom-csp' => '', and see if it starts working again.

[HDVinnie]

@tuxfrw you are missing the point here. You DO NOT want to disable CSP. Its a content security policy! I only gave example above to prove your instance is not same as UNIT3D default.

You should keep it on and just adjust your config.

For instance. Set 'custom-csp' => null, and then update your resources.

Default

        'script-src' => [
            'allow' => [
                'https://www.google.com/recaptcha/api.js',
                'https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js',
                'https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.11.1/moment-with-locales.min.js',
                'https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.3.0/Chart.min.js',
                'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/js/bootstrap-datetimepicker.min.js',
            ],

You need

        'script-src' => [
            'allow' => [
                'https://www.google.com/recaptcha/api.js',
                'https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__pt_br.js',
                'https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.11.1/moment-with-locales.min.js',
                'https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.3.0/Chart.min.js',
                'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/js/bootstrap-datetimepicker.min.js',
            ],

Key change being 'https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__pt_br.js', over en version.

[gondimcodes]

The recaptcha worked by switching to pt_br but the chatbox stopped again. Is there another place for me to change too and the chatbox back to work?

[HDVinnie]

Have you provided me with the error from console I asked for multiple times?

[gondimcodes]

https://i.imgur.com/sPvxkim.png

[HDVinnie]

Clear your browsers cache/data. Then restart your browser. Then reinspect home page for console errors please.

[gondimcodes]

I tried to clean here and took another screenshot: https://i.imgur.com/qBxLklm.png

[HDVinnie]

PM me on discord

[gondimcodes]

I do not speak English very well. I will do so, I will leave in this way that is working both the recaptcha and the chatbox. I know you said it is not the right thing to do but I do not want to disturb you any more. I'll give a lookup on CSP. Thanks anyway for the help. Set 'custom-csp' => null, to 'custom-csp' => '',

[gondimcodes]

Hi,

Changing this part of the code will work with en, pt_br and others. It would be an idea only.

diff --git a/config/secure-headers.php b/config/secure-headers.php
index 7ebd8cf8..7fb3197c 100644
--- a/config/secure-headers.php
+++ b/config/secure-headers.php
@@ -391,7 +391,7 @@ return [
      * Note: custom-csp does not support report-only.
      */

-    'custom-csp' => '',
+    'custom-csp' => null,

     'csp' => [
         'report-only' => false,
@@ -411,8 +411,8 @@ return [

         'script-src' => [
             'allow' => [
-                'https://www.google.com/recaptcha/api.js',
-                'https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js',
+                'https://www.google.com/recaptcha/',
+                'https://www.gstatic.com/recaptcha/',
                 'https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.11.1/moment-with-locales.min.js',
                 'https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.3.0/Chart.min.js',
                 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/js/bootstrap-datetimepicker.min.js',