Open thiagoor-cpu opened 10 hours ago
Hello @thiagoor-cpu! I'm here to help you with any bugs, questions, or contributions you have for Stirling-PDF. Let's work together to solve the issue you're facing.
The "Forbidden:Forbidden" error you're encountering when using the "Remove Image PDF" feature in Stirling-PDF version 0.30.1 could be related to changes in security configurations or access control mechanisms between versions 0.29 and 0.30.1. Since you are using Docker with DOCKER_ENABLE_SECURITY=true, it's important to ensure that your OAuth2 settings and API key configurations are correctly set up.
In version 0.30.1, Stirling-PDF uses OAuth2 for authentication and authorization when DOCKER_ENABLE_SECURITY is enabled. Make sure that your OAuth2 provider settings, such as client ID and secret, are correctly configured. Additionally, check if the API key is correctly set in the request headers, as the UserAuthenticationFilter class handles authentication by checking for an API key if no OAuth2 authentication exists [1][2].
Since you mentioned that other tools work fine and the issue seems specific to the "Remove Image PDF" feature, it might be worth checking if there are any specific permissions or configurations required for this feature in the new version. Also, consider reviewing any changes in the reverse proxy configuration, even though it hasn't changed, to ensure compatibility with the updated security settings.
Sorry, this is AI generated and under testing, please don't take its advice as full truth
If you have edited it can you post your settings.yml
I'm using OAuth2 from Google; I removed the keys in this post.
```yaml
security:
  enableLogin: true # set to 'true' to enable login
  csrfDisabled: false # Set to 'true' to disable CSRF protection (not recommended for production)
  loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
  loginResetTimeMinutes: 60 # lock account for 2 hours after x attempts
  loginMethod: oauth2 # 'all' (Login Username/Password and OAuth2[must be enabled and configured]), 'normal'(only Login with Username/Password) or 'oauth2'(only Login with OAuth2)
  initialLogin:
    username: '' # Initial username for the first login
    password: '' # Initial password for the first login
  oauth2:
    enabled: true # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
    client:
      keycloak:
        issuer: '' # URL of the Keycloak realm's OpenID Connect Discovery endpoint
        clientId: '' # Client ID for Keycloak OAuth2
        clientSecret: '' # Client Secret for Keycloak OAuth2
        scopes: openid, profile, email # Scopes for Keycloak OAuth2
        useAsUsername: preferred_username # Field to use as the username for Keycloak OAuth2
      google:
        clientId:

enterpriseEdition:
  enabled: false # set to 'true' to enable enterprise edition
  key: 00000000-0000-0000-0000-000000000000
  CustomMetadata:
    autoUpdateMetadata: false # set to 'true' to automatically update metadata with below values
    author: username # Supports text such as 'John Doe' or types such as username to autopopulate with users username
    creator: Stirling-PDF # Supports text such as 'Company-PDF'
    producer: Stirling-PDF # Supports text such as 'Company-PDF'

legal:
  termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms) Empty string to disable or filename to load from local file in static folder
  privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy) Empty string to disable or filename to load from local file in static folder
  accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility) Empty string to disable or filename to load from local file in static folder
  cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie) Empty string to disable or filename to load from local file in static folder
  impressum: '' # URL to the impressum of your application (e.g. https://example.com/impressum) Empty string to disable or filename to load from local file in static folder

system:
  defaultLocale: pt-BR # Set the default language (e.g. 'de-DE', 'fr-FR', etc)
  googlevisibility: false # 'true' to allow Google visibility (via robots.txt), 'false' to disallow
  enableAlphaFunctionality: false # Set to enable functionality which might need more testing before it fully goes live (This feature might make no changes)
  showUpdate: false # see when a new update is available
  showUpdateOnlyAdmin: false # Only admins can see when a new update is available, depending on showUpdate it must be set to 'true'
  customHTMLFiles: true # enable to have files placed in /customFiles/templates override the existing template html files
  tessdataDir: /usr/share/tessdata # Path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored.
  enableAnalytics: false # Set to 'true' to enable analytics, set to 'false' to disable analytics, for enterprise users this is set to true

ui:
  appName: NAME COMPANY # Application's visible name
  homeDescription: NAME COMPANY # Short description or tagline shown on homepage.
  appNameNavbar: NAME COMPANY # Name displayed on the navigation bar

endpoints:
  toRemove: # List endpoints to disable (e.g. ['img-to-pdf', 'remove-pages'])

metrics:
  enabled: true # 'true' to enable Info APIs (/api/*) endpoints, 'false' to disable

# Automatically Generated Settings (Do Not Edit Directly)
AutomaticallyGenerated:
  key:
```
For testing can you try csrfDisabled to true?
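The suggestion to toggle csrfDisabled treats the CSRF filter as one candidate source of the 403. The following added example (not part of the thread and not Stirling-PDF's code) classifies a request copied from the browser's network tab under a simplified double-submit model, so the token can be checked without switching CSRF protection off. The cookie, header and field names are Spring Security's defaults and their use by Stirling-PDF 0.30.1 is an assumption; the sample requests are constructed.

```python
from http.cookies import SimpleCookie

# Spring Security's default names for cookie-based CSRF tokens. That
# Stirling-PDF 0.30.1 uses exactly this scheme is an assumption.
CSRF_COOKIE, CSRF_HEADER, CSRF_PARAM = "XSRF-TOKEN", "x-xsrf-token", "_csrf"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def csrf_verdict(method, headers, form_fields=None):
    """Say how a double-submit CSRF check would judge one captured request."""
    if method.upper() in SAFE_METHODS:
        return "not-checked"  # safe methods skip the CSRF check
    hdrs = {name.lower(): value for name, value in headers.items()}
    jar = SimpleCookie()
    jar.load(hdrs.get("cookie", ""))
    if CSRF_COOKIE not in jar:
        return "no-cookie"  # cookie never issued, or stripped on the way
    # Header wins; otherwise fall back to the hidden form field.
    sent = hdrs.get(CSRF_HEADER) or (form_fields or {}).get(CSRF_PARAM)
    if not sent:
        return "token-missing"  # form or script posted without the token
    return "ok" if sent == jar[CSRF_COOKIE].value else "token-mismatch"


# Constructed requests, shaped like entries copied from the network tab.
SAMPLES = {
    "post with header": ("POST", {"Cookie": "JSESSIONID=abc; XSRF-TOKEN=tok-1",
                                  "X-XSRF-TOKEN": "tok-1"}, {}),
    "post without token": ("POST", {"Cookie": "JSESSIONID=abc; XSRF-TOKEN=tok-1"},
                           {"fileInput": "sample.pdf"}),
    "stale page": ("POST", {"Cookie": "XSRF-TOKEN=tok-2"}, {"_csrf": "tok-1"}),
    "page load": ("GET", {"Cookie": "JSESSIONID=abc"}, {}),
}


def triage(samples=SAMPLES):
    """Map each named sample request to its verdict."""
    return {name: csrf_verdict(*req) for name, req in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:19} -> {verdict}")
```

A verdict of "ok" on the failing request means the 403 has to be explained elsewhere, for example by the reverse proxy or by an authorization rule.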
Installation Method
Docker
The Problem
I tried "Remove Image PDF" in version 0.29 Docker and it worked fine; now I tried the same PDF in 0.30.1 Docker and I'm getting this error after hitting submit:
Error Forbidden:Forbidden
It's weird because info.log did not log a single thing related to it; it looks like it didn't arrive at StirlingPDF. Other tools work fine with the same PDF, like Convert to Word and Rotate PDF.
I'm behind a Caddy reverse proxy, but since it did not change I don't think this is the problem.
Version of Stirling-PDF
0.30.1
Last Working Version of Stirling-PDF
0.29
Page Where the Problem Occurred
remove-image-pdf
Docker Configuration
Relevant Log Output
No response
Additional Information
No response
Browsers Affected
No response
No Duplicate of the Issue