Closed MoonshineSG closed 5 years ago
Hey, can you please also provide:
octoprint.log
there's nothing on the JS console.
octoprint.log
2019-01-13 19:32:11,525 - octoprint.startup - INFO - ******************************************************************************
2019-01-13 19:32:11,526 - octoprint.startup - INFO - Starting OctoPrint 1.3.10.post0.dev0+g112a8b9
2019-01-13 19:32:11,526 - octoprint.startup - INFO - --- Logged during platform initialization: -----------------------------------
2019-01-13 19:32:11,472 - py.warnings - WARNING - /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/pkg_resources.py:1054: UserWarning: /home/octoprint/.python-eggs is writable by group/others and vulnerable to attack when used with get_resource_filename. Consider a more secure location (set with .set_extraction_path or the PYTHON_EGG_CACHE environment variable).
warnings.warn(msg, UserWarning)
2019-01-13 19:32:11,526 - octoprint.startup - INFO - ------------------------------------------------------------------------------
2019-01-13 19:32:11,526 - octoprint.startup - INFO - ******************************************************************************
2019-01-13 19:32:12,503 - octoprint.startup - INFO - Blacklist processing done, adding 1 blacklisted plugin versions: roomtemp (any)
2019-01-13 19:32:12,514 - octoprint.plugin.core - INFO - Loading plugins from /home/octoprint/OctoPrint/src/octoprint/plugins, /home/octoprint/.octoprint/plugins and installed plugin packages...
2019-01-13 19:32:17,324 - octoprint.plugin.core - INFO - Plugin Discovery is disabled.
2019-01-13 19:32:17,331 - octoprint.plugin.core - INFO - Plugin CuraEngine (<= 15.04) is disabled.
2019-01-13 19:32:17,341 - octoprint.plugin.core - INFO - Plugin Pi Support Plugin did not pass check, not loading.
2019-01-13 19:32:17,392 - octoprint.plugin.core - INFO - Plugin OctoPi Support Plugin did not pass check, not loading.
2019-01-13 19:32:17,399 - octoprint.plugin.core - INFO - Plugin Announcement Plugin is disabled.
2019-01-13 19:32:17,486 - octoprint.plugin.core - INFO - Found 18 plugin(s) providing 15 mixin implementations, 24 hook handlers
2019-01-13 19:32:17,519 - octoprint.server.heartbeat - INFO - Starting server heartbeat, 900.0s interval
2019-01-13 19:32:17,530 - octoprint.server - INFO - Intermediary server started
2019-01-13 19:32:17,530 - octoprint.plugin.core - INFO - Loading plugins from /home/octoprint/OctoPrint/src/octoprint/plugins, /home/octoprint/.octoprint/plugins and installed plugin packages...
2019-01-13 19:32:17,535 - octoprint.plugin.core - INFO - Plugin Pi Support Plugin did not pass check, not loading.
2019-01-13 19:32:17,536 - octoprint.plugin.core - INFO - Plugin OctoPi Support Plugin did not pass check, not loading.
2019-01-13 19:32:17,582 - octoprint.plugin.core - INFO - Found 18 plugin(s) providing 15 mixin implementations, 24 hook handlers
2019-01-13 19:32:17,600 - octoprint.filemanager.storage - INFO - Initializing the file metadata for /home/octoprint/.octoprint/uploads...
2019-01-13 19:32:17,797 - octoprint.filemanager.storage - INFO - ... file metadata for /home/octoprint/.octoprint/uploads initialized successfully.
2019-01-13 19:32:17,811 - octoprint.plugins.multi_colors - INFO - MultiColors init
2019-01-13 19:32:17,877 - octoprint.plugins.softwareupdate - INFO - Loaded version cache from disk
2019-01-13 19:32:17,879 - octoprint.plugins.nautilus - INFO - 6 device(s) will receive notifications...
2019-01-13 19:32:17,881 - octoprint.plugins.nautilus - INFO - Nautilus for OctoPrint, started.
2019-01-13 19:32:18,460 - octoprint.util.pip - INFO - Using "/home/octoprint/OctoPrint/venv/bin/python2.7 -m pip" as command to invoke pip
2019-01-13 19:32:19,027 - octoprint.util.pip - INFO - Version of pip is 9.0.1
2019-01-13 19:32:19,028 - octoprint.util.pip - INFO - pip installs to /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages (writable -> yes), --user flag needed -> no, virtual env -> yes
2019-01-13 19:32:19,028 - octoprint.util.pip - INFO - ==> pip ok -> yes
2019-01-13 19:32:19,030 - octoprint.plugin.core - INFO - Initialized 15 plugin implementation(s)
2019-01-13 19:32:19,032 - octoprint.plugin.core - INFO - 18 plugin(s) registered with the system:
| Action Command Prompt Support (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/action_command_prompt
| Active Filters (0.0.1) = /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_active_filters
| !Announcement Plugin (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/announcements
| Anonymous Usage Tracking (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/tracking
| Application Keys Plugin (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/appkeys
| Backup & Restore (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/backup
| Core Wizard (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/corewizard
| !CuraEngine (<= 15.04) (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/cura
| !Discovery (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/discovery
| Force Login (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/forcelogin
| Logging (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/logging
| Multi Colors (1.0.16) = /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_multi_colors
| Nautilus (1.22) = /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_nautilus
| Navbar Temperature Plugin (0.11) = /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_navbartemp
| Plugin Manager (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/pluginmanager
| Printer Safety Check (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/printer_safety_check
| Software Update (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/softwareupdate
| Virtual Printer (bundled) = /home/octoprint/OctoPrint/src/octoprint/plugins/virtual_printer
2019-01-13 19:32:19,037 - octoprint.environment - INFO - Detected environment is Python 2.7.13 under Linux (linux2). Details:
| hardware:
| cores: 1
| freq: unknown
| ram: 1044877312
| os:
| id: linux
| platform: linux2
| python:
| pip: 9.0.1
| version: 2.7.13
| virtualenv: /home/octoprint/OctoPrint/venv
2019-01-13 19:32:19,040 - octoprint.server - INFO - Reset webasset folder /home/octoprint/.octoprint/generated/webassets...
2019-01-13 19:32:19,046 - octoprint.server - INFO - Reset webasset folder /home/octoprint/.octoprint/generated/.webassets-cache...
2019-01-13 19:32:19,104 - octoprint.server - INFO - Shutting down intermediary server...
2019-01-13 19:32:19,536 - octoprint.server - INFO - Intermediary server shut down
2019-01-13 19:32:19,538 - octoprint.events - INFO - Processing startup event, this is our first event
2019-01-13 19:32:19,538 - octoprint.events - INFO - Adding 0 events to queue that were held back before startup event
2019-01-13 19:32:19,544 - octoprint.filemanager - INFO - Adding backlog items from all storage types to analysis queue...
2019-01-13 19:32:19,546 - octoprint.filemanager - INFO - Added 0 items from storage type "local" to analysis queue
2019-01-13 19:32:19,586 - octoprint.server - INFO - Listening on http://[::]:5000
2019-01-13 19:32:19,587 - octoprint.plugins.nautilus - DEBUG - Logging level is DEBUG...
2019-01-13 19:32:19,589 - octoprint.util.comm - INFO - Changing monitoring state from "Offline" to "Opening serial port"
2019-01-13 19:32:19,591 - octoprint.util.comm - INFO - Changing monitoring state from "Opening serial port" to "Connecting"
2019-01-13 19:32:19,593 - octoprint.util.comm - INFO - M110 detected, setting current line number to 0
2019-01-13 19:32:19,594 - octoprint.util.comm - INFO - M110 detected, setting current line number to 0
2019-01-13 19:32:19,589 - octoprint.plugin - ERROR - Error while calling plugin navbartemp
Traceback (most recent call last):
File "/home/octoprint/OctoPrint/src/octoprint/plugin/__init__.py", line 230, in call_plugin
result = getattr(plugin, method)(*args, **kwargs)
File "/home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_navbartemp/__init__.py", line 35, in on_after_startup
self.sbc = SBCFactory().factory(self._logger)
File "/home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_navbartemp/libs/sbc.py", line 29, in factory
elif self._is_rpi(logger):
File "/home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_navbartemp/libs/sbc.py", line 45, in _is_rpi
if match.group(1) in self.piSocTypes:
AttributeError: 'NoneType' object has no attribute 'group'
2019-01-13 19:32:19,612 - octoprint.util.comm - INFO - Changing monitoring state from "Connecting" to "Operational"
2019-01-13 19:32:19,613 - octoprint.util.comm - INFO - M110 detected, setting current line number to 0
2019-01-13 19:32:19,614 - octoprint.plugins.nautilus - DEBUG - Can't read the hotend config file. Default values used.
2019-01-13 19:32:19,620 - octoprint.util.comm - INFO - Printer reports firmware name "Virtual Marlin 1.0"
2019-01-13 19:32:19,620 - octoprint.util.comm - INFO - Firmware states that it supports emergency GCODEs M108 and M410 to be sent without waiting for an acknowledgement first
2019-01-13 19:32:19,621 - octoprint.util.comm - INFO - Firmware states that it supports sd status autoreporting
2019-01-13 19:32:19,622 - octoprint.util.comm - INFO - Firmware states that it supports temperature autoreporting
2019-01-13 19:32:20,234 - octoprint.util.pip - INFO - Using "/home/octoprint/OctoPrint/venv/bin/python2.7 -m pip" as command to invoke pip
2019-01-13 19:32:20,234 - octoprint.util.pip - INFO - pip installs to /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages (writable -> yes), --user flag needed -> no, virtual env -> yes
2019-01-13 19:32:20,234 - octoprint.util.pip - INFO - ==> pip ok -> yes
2019-01-13 19:32:20,771 - octoprint.plugins.pluginmanager - INFO - Loaded plugin repository data from https://plugins.octoprint.org/plugins.json
2019-01-13 19:32:21,700 - octoprint.plugins.pluginmanager - INFO - Loaded plugin notices data from https://plugins.octoprint.org/notices.json
2019-01-13 19:32:23,161 - octoprint.util.pip - INFO - Using "/home/octoprint/OctoPrint/venv/bin/python2.7 -m pip" as command to invoke pip
2019-01-13 19:32:23,208 - octoprint.util.pip - INFO - Using "/home/octoprint/OctoPrint/venv/bin/python2.7 -m pip" as command to invoke pip
2019-01-13 19:32:23,218 - octoprint.util.pip - INFO - Using "/home/octoprint/OctoPrint/venv/bin/python2.7 -m pip" as command to invoke pip
2019-01-13 19:32:23,218 - octoprint.util.pip - INFO - Using "/home/octoprint/OctoPrint/venv/bin/python2.7 -m pip" as command to invoke pip
2019-01-13 19:32:24,224 - octoprint.util.pip - INFO - pip installs to /home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/ (writable -> yes), --user flag needed -> no, virtual env -> yes
2019-01-13 19:32:24,224 - octoprint.util.pip - INFO - ==> pip ok -> yes
2019-01-13 19:32:24,299 - octoprint.plugins.softwareupdate - INFO - Saved version cache to disk
2019-01-13 19:32:24,309 - octoprint.server.preemptive_cache - INFO - Preemptively caching / (ui nautilus) for {'query_string': 'l10n=en', 'path': '/', 'base_url': 'http://octoprint.xxxxxxxxx.xxx/'}
2019-01-13 19:32:24,377 - octoprint.server.views - ERROR - Error while retrieving template data for plugin navbartemp, ignoring it
Traceback (most recent call last):
File "/home/octoprint/OctoPrint/src/octoprint/server/views.py", line 635, in fetch_template_data
configs = implementation.get_template_configs()
File "/home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_navbartemp/__init__.py", line 82, in get_template_configs
if self.sbc.is_supported:
AttributeError: 'NoneType' object has no attribute 'is_supported'
2019-01-13 19:32:24,477 - octoprint.server.util.flask - DEBUG - No cache entry or refreshing cache for / (key: ui:nautilus:http://octoprint.xxxxxxxxx.xxx/:en), calling wrapped function
2019-01-13 19:32:24,477 - octoprint.plugins.nautilus - DEBUG - on_ui_render request headers:
2019-01-13 19:32:24,477 - octoprint.plugins.nautilus - DEBUG - X-Force-View: nautilus
Host: octoprint.xxxxxxxxx.xxx
Content-Length: 0
Content-Type:
X-Preemptive-Record: no
2019-01-13 19:32:24,478 - octoprint.plugins.nautilus - DEBUG - has_custom_power ? False
2019-01-13 19:32:24,561 - octoprint.server.util.flask - DEBUG - Needed 0.08s to render / (key: ui:nautilus:http://octoprint.xxxxxxxxx.xxx/:en)
2019-01-13 19:32:24,562 - octoprint.server.preemptive_cache - INFO - ... done in 0.25s
2019-01-13 19:32:24,563 - octoprint.server.preemptive_cache - INFO - Preemptively caching / (ui _default) for {'query_string': 'l10n=en', 'path': '/', 'base_url': 'http://octoprint.xxxxxxxxx.xxx/'}
2019-01-13 19:32:24,571 - octoprint.server.util.flask - DEBUG - No cache entry or refreshing cache for / (key: ui:_default:http://octoprint.xxxxxxxxx.xxx/:en), calling wrapped function
2019-01-13 19:32:26,980 - octoprint.server.util.flask - DEBUG - Needed 2.41s to render / (key: ui:_default:http://octoprint.xxxxxxxxx.xxx/:en)
2019-01-13 19:32:26,982 - octoprint.server.preemptive_cache - INFO - ... done in 2.42s
2019-01-13 19:33:12,429 - octoprint.server.util.flask - DEBUG - App sessions after cleanup: {}
2019-01-13 19:33:12,504 - octoprint.server.views - ERROR - Error while retrieving template data for plugin navbartemp, ignoring it
Traceback (most recent call last):
File "/home/octoprint/OctoPrint/src/octoprint/server/views.py", line 635, in fetch_template_data
configs = implementation.get_template_configs()
File "/home/octoprint/OctoPrint/venv/lib/python2.7/site-packages/octoprint_navbartemp/__init__.py", line 82, in get_template_configs
if self.sbc.is_supported:
AttributeError: 'NoneType' object has no attribute 'is_supported'
2019-01-13 19:33:12,532 - octoprint.server.util.flask - DEBUG - No cache entry or refreshing cache for / (key: ui:forcelogin:http://octoprint.xxxxxxxxx.xxx/:en), calling wrapped function
2019-01-13 19:33:12,635 - octoprint.server.util.flask - DEBUG - Needed 0.10s to render / (key: ui:forcelogin:http://octoprint.xxxxxxxxx.xxx/:en)
2019-01-13 19:33:12,974 - tornado.access - WARNING - 400 GET /sockjs/028/zx0q0ps5/websocket (YY.YY.YY.YY) 0.75ms
2019-01-13 19:33:12,986 - octoprint.server.util.sockjs - INFO - New connection from client: YY.YY.YY.YY
I need some more information on how your plugin/app is working in order to a) understand the problem and b) find a good solution that doesn't undermine general security.
From what I've found in your companion plugin's source, your plugin implements a custom UiPlugin which renders a jinja file. Included in this file is the JS file main.js which contains a function initialize that gets initialized with an apikey variable and then sets the corresponding header on the jquery REST API.
What I so far do not understand is
- where does this apikey variable get filled in? And where does the initialize method get called in the first place? I couldn't find either in the source. Is that something that happens in the app component? If so, how exactly?
Ideally, provide as much information about the app workflow that you can provide here (if possible even with some form of flow chart).
which defeats the purpose of API-KEY (?)
Just for the record, the API key is - as the name implies - an API key, not a "get limitless access to the frontend" key ;) But the ForceLogin plugin should indeed take it into account and it's not currently doing that, which I'll have to fix. That fix will do nothing though if the app in question is not providing the API key in the header of the initial call to display the web view though, hence the above questions to figure out what you are even doing :)
But the ForceLogin plugin should indeed take it into account and it's not currently doing that, which I'll have to fix.
This is fixed by the above commit. So if you access the UI with an API key provided, that will now create a session for the user and make the forcelogin plugin stand down.
And that's actually the only thing I want to change here in the implementation, since it doesn't open a hole.
What you can do until 1.3.11 is released is adjust your companion plugin to provide a sorting key for the UiPlugin.on_render_ui sorting context. Any value will do - the forcelogin plugin currently doesn't have a sorting key but will have value 0 starting with 1.3.11. That way your UiPlugin will be ordered before the forcelogin plugin and hence "win".
Note that depending on whether you also use the push socket you'll also have to modify your client to send an auth message on that if you want to receive data.
so if the Nautilus plugin implements a sorting key, it can bypass the ForceLogin ? And the plugins with the highest number will run first ?
Yes, but as I said, that should only be a workaround until 1.3.11 is out. The correct (and safer) approach will be to send the configured API key with your request (e.g. in the header).
If you implement a sorting key of 1 and also start sending the api key with the initial request, stuff should work fine with both 1.3.10 and 1.3.11+.
yes... i'll send a new app to apple for approval asap...
"1" is enough ? I went with 999 to be safe :D
Stuff is sorted ascending - the higher, the further back ;)
So 0, 1, 999. But in 1.3.10 ForceLogin has no sorting key so it will sort after 999.
Also before you go through any kind of approval processes, please test - it should like I said, and in my tests it is, but better make sure that really makes your app work.
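The ordering rules discussed above, as an added example that is not part of the original thread and is not OctoPrint's or the Nautilus plugin's code. It is a simplified model: the `X-Api-Key` header name, the User-Agent marker, the key value and the name-based tie-break between plugins without a sorting key are assumptions made for illustration.

```python
"""Simplified model of UI-plugin dispatch order (constructed, not OctoPrint code)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Request = Dict[str, str]  # header name -> value

VALID_API_KEYS = {"CONSTRUCTED-API-KEY"}   # constructed sample value
APP_USER_AGENT = "NautilusApp/constructed"  # constructed marker sent by the app


@dataclass
class UiPlugin:
    name: str
    sorting_key: Optional[int]              # None = plugin defines no sorting key
    will_handle: Callable[[Request], bool]  # True = this plugin renders the UI


def dispatch_order(plugins: List[UiPlugin]) -> List[UiPlugin]:
    """Ascending by sorting key; plugins without a key go after all keyed ones.

    Ties are broken by plugin name (an assumption of this model).
    """
    return sorted(plugins,
                  key=lambda p: (p.sorting_key is None, p.sorting_key or 0, p.name))


def pick_ui(plugins: List[UiPlugin], request: Request) -> str:
    """The first plugin in dispatch order that claims the request renders it."""
    for plugin in dispatch_order(plugins):
        if plugin.will_handle(request):
            return plugin.name
    return "_default"


def forcelogin(sorting_key: Optional[int], honours_api_key: bool) -> UiPlugin:
    """Login gate: claims every request unless a valid API key makes it stand down."""
    def will_handle(request: Request) -> bool:
        if honours_api_key and request.get("X-Api-Key") in VALID_API_KEYS:
            return False  # authenticated by API key: let other UI plugins render
        return True       # otherwise show the login page
    return UiPlugin("forcelogin", sorting_key, will_handle)


def companion(sorting_key: Optional[int]) -> UiPlugin:
    """Custom UI that only claims requests carrying the app's User-Agent marker."""
    return UiPlugin("nautilus", sorting_key,
                    lambda request: request.get("User-Agent") == APP_USER_AGENT)


# Constructed sample requests.
APP_NO_KEY = {"User-Agent": APP_USER_AGENT}
APP_WITH_KEY = {"User-Agent": APP_USER_AGENT, "X-Api-Key": "CONSTRUCTED-API-KEY"}
BROWSER = {"User-Agent": "Mozilla/5.0 (constructed)"}

# 1.3.10 as described in the thread: forcelogin has no sorting key, ignores API keys.
V1310_UNSORTED = [forcelogin(None, False), companion(None)]
V1310_KEY_1 = [forcelogin(None, False), companion(1)]
# 1.3.11 as described: forcelogin sorts at 0 and stands down for a valid API key.
V1311_KEY_1 = [forcelogin(0, True), companion(1)]

if __name__ == "__main__":
    for label, plugins in [("1.3.10, no key", V1310_UNSORTED),
                           ("1.3.10, key 1", V1310_KEY_1),
                           ("1.3.11, key 1", V1311_KEY_1)]:
        for req_name, req in [("app", APP_NO_KEY), ("app+apikey", APP_WITH_KEY),
                              ("browser", BROWSER)]:
            print(f"{label:15} {req_name:11} -> {pick_ui(plugins, req)}")
```

In the 1.3.11 model the custom UI is reached only when the request carries a valid API key, which is why the thread treats the sorting key as a stopgap and the API key on the initial request as the real fix.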
I need some more information on how your plugin/app is working in order to a) understand the problem and b) find a good solution that doesn't undermine general security.
From what I've found in your companion plugin's source, your plugin implements a custom UiPlugin which renders a jinja file. Included in this file is the JS file main.js which contains a function initialize that gets initialized with an apikey variable and then sets the corresponding header on the jquery REST API.
What I so far do not understand is
- where does this apikey variable get filled in? And where does the initialize method get called in the first place? I couldn't find either in the source. Is that something that happens in the app component? If so, how exactly?
- I understand (also from our chat before) that your app calls the UI in a built in web view. From the source I take it that it sets a custom User Agent that tells the UiPlugin implementation that it is the responsible party to take care of this request. What else does it send? Or is that all that it does?
Ideally, provide as much information about the app workflow that you can provide here (if possible even with some form of flow chart).
which defeats the purpose of API-KEY (?)
Just for the record, the API key is - as the name implies - an API key, not a "get limitless access to the frontend" key ;) But the ForceLogin plugin should indeed take it into account and it's not currently doing that, which I'll have to fix. That fix will do nothing though if the app in question is not providing the API key in the header of the initial call to display the web view though, hence the above questions to figure out what you are even doing :)
probably not needed anymore, but here go some answers...
yes, the app calls the initialize JS with [nautilusView evaluateJavaScript:[NSString stringWithFormat: @"initialize(\"%@\");", selectedPrinter.apikey]
...
Beside UI injection and calling the initialize JS, the app handles URL and APIKEY setup for use with single or multi printers... (and starting new version will send the APIKEY with the initial request.... so it will send it twice, but for now that will have to do it....)
I've implemented the APIKEY on first call, sorting key "1" and "auth" for push socket and tested on current 1.3.10 and on the "maintenance" branch and everything seems to work well.... thank you.
1.3.11 was released yesterday.
with 1.3.11 now there's a "403" when accessing static files that come with the plugin... (ex: /plugin/nautilus/static/js/version.js) anything has changed after 1.3.10 in that regard ?
this only happens when the AccessControl is enabled...
seems to be related to ForceLogin... works well with FL disabled... Does the FL now apply to static files as well ? is that new ?
It certainly shouldn't, and there also were no changes to the forcelogin plugin between 1.3.10 and 1.3.11 other than these:
None of those would explain this.
I also just tested against a not logged in session by fetching the static js file of the tracking plugin (/plugin/tracking/static/js/usage.js) and also of a third party plugin I had installed (/plugin/mqtt/static/js/mqtt.js), no error here.
Please open a new complete ticket and ideally provide a minimal viable plugin with which to reproduce the behaviour so that I can take a look at the exact issue you are seeing.
PS: 1.3.11 was in RC phase for nearly two months. It would be great if you could take advantage of the RC phase in the future and test your plugin against an RC to identify any kind of issues before the stable release 😉
Hmm.... something must have changed since .10 (which was working).... I know it’s on me, because I didn’t have time to run tests on RCs... I guess i’ll have to go back in time and check for changes.... oh well...
Strangely it works once I add the apikey in the header for the .js file... I’ll dig a bit further, but at least I know that I can fix it
It definitely should also work without that. As I said, I happily opened up static resources in an unauthenticated browser session.
yes, so can I. But not for static files under my plugin... :D Not sure why... but it's ok. I will just send the apikey in all requests and that seems to be solving the issue...
Hm... I'm honestly not too happy with that solution. You shouldn't need to send the (sensitive) API key with requests for static files. I'd rather figure out why you appear to need that instead of you putting in somewhat dirty workarounds.
It happens only with your plugin, do I understand that correctly? Other plugins work fine with regards to access to static assets?
ok... i'll try to see why the problem occurs (and did not occur in 1.3.10)
I can load static files from other plugins without any issue. things that might be "special" about my plugin: it's a UIPlugin and has "get_sorting_key" which returns 1...
I just installed your plugin and can reproduce. Will take a look on my side as well.
Found something. It's an unwelcome and unintentional side effect of your plugin implementing both the BlueprintPlugin and the AssetPlugin mixin. I created a minimal viable plugin with which I can reproduce the problem. So that's a bug, ticket for it is #3176
thank you. there is no way I would have figured that out on my own :D So i'm submitting to apple the work around (dirty as it may be) so that at least the access to the plugin is restored...
PS Are BlueprintPlugin & AssetPlugin not supposed to be used together ?
So i'm submitting to apple the work around (dirty as it may be) so that at least the access to the plugin is restored...
Sounds like a good intermediary solution.
PS Are BlueprintPlugin & AssetPlugin not supposed to be used together ?
Oh, they are. This was simply an oversight which I didn't notice in any of my tests (and apparently neither did anyone else) because usually there's no need to access static files in an unauthorized context. Your use case was simply too unique and hence slipped through.
Bug is btw already fixed on maintenance
Your use case was simply too unique and hence slipped through.
sorry to cause trouble, but also a good thing the bug was found and crushed :D
Thanks for your help!
No need to be sorry, I'm glad this got found and I could fix it.
What were you doing?
Using Nautilus (UIPlugin ) and octoprint 1.3.10 with ForceLogin enabled (by default) will cause Nautilus not to load until after a user login which defeats the purpose of API-KEY (?)
What did you expect to happen?
seamless loading of the custom UI
What happened instead?
prompted to login
Did the same happen when running OctoPrint in safe mode?
n/a
Version of OctoPrint
1.3.10
Operating System running OctoPrint
OctoPi, but happens on others as well
Printer model & used firmware incl. version
n/a
Browser and version of browser, operating system running browser
n/a
I have read the FAQ.