Open Kimi-Arthur opened 1 year ago
Hello @Kimi-Arthur. This does not look like a Flutter issue, but rather a permissions issue on your machine. We also do not provide support for 3rd party libraries / technologies like NGINX.
If you need help with your code, please see https://flutter.dev/community for resources and asking questions like this, you may also get some help if you post it on Stack Overflow Closing, as this isn't an issue with Flutter itself. If you disagree, please write in the comments and I will reopen it. Thank you
The root cause is that the permission of files in the zip package downloaded from here contains files that are not accessible by non-owners. Flutter builder shouldn't take the random files from external sources and not guarantee the consistency.
You can examine the example zip file to see that (maybe not the exact version I get, but should be similar). The files have the permission situations as I said.
It has nothing to do with my machine or NGINX, but for anyone serving the files (since it's targeting the web, which will be served by some web server other than just nodejs) with a different user than default. The files generated by flutter build web
should have a consistent permission behavior.
Could you provide a way to reliably reproduce this issue, without the use of any 3rd party dependencies?
If you mean to verify the permission is problematic. Just do the first two steps and go to build/web/canvaskit
folder and list (ls -l
) the files there. You will see the files there (like canvaskit.js
) have a permission like -rw-------
, which is different than those from the upper folder -rw-rw-r--
.
@Kimi-Arthur Can you reproduce this issue on local NGINX server? I tested this on my local NGINX server but it works as expected (using NGINX 1.23.3
)
Is your NGINX using a different user than your default?
Here is another to reproduce the case besides just checking the file permissions:
su
or sudo su
to another userbuild/web
folderpython3 -m http.server
::1 - - [18/Jan/2023 10:40:34] "GET /canvaskit/canvaskit.js HTTP/1.1" 404 -
::1 - - [18/Jan/2023 10:43:06] code 404, message File not found
Is your NGINX using a different user than your default?
My NGINX is the default after installing:
➜ ~ cat /usr/local/etc/nginx/nginx.conf
#user nobody;
Here is another to reproduce the case besides just checking the file permissions:
I also try your second reproduction above, but it still works well:
sh-3.2# python3 -m http.server
Serving HTTP on :: port 8000 (http://[::]:8000/) ...
::1 - - [19/Jan/2023 15:00:51] "GET / HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /flutter.js HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /favicon.png HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /flutter_service_worker.js?v=3550686634 HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /index.html HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /main.dart.js HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /assets/AssetManifest.json HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:51] "GET /assets/FontManifest.json HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:52] "GET /assets/fonts/MaterialIcons-Regular.otf HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:52] "GET /assets/packages/cupertino_icons/assets/CupertinoIcons.ttf HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:54] "GET /manifest.json HTTP/1.1" 200 -
::1 - - [19/Jan/2023 15:00:56] "GET / HTTP/1.1" 304 -
::1 - - [19/Jan/2023 15:00:59] "GET /flutter_service_worker.js?v=3550686634 HTTP/1.1" 304 -
Please check your nginx configuration again and retry.
For the NGINX config, the nobody
line is commented out, so it's still using the default user instead of nobody
. The common practice would be to use another user, so that access can be limited, like this one suggested by Arch Linux Wiki.
For sudo su
, maybe I wasn't super clear in my last comment. You need to change to another user, but not root
, which is implied if no user is given to sudo su
. So if you have a different user called abc
on the same machine, you should do sudo su abc
, and that should bring you to the state where the file is not accessible.
Bottom line, could you please screenshot the contents inside the build/web/canvaskit
folder (via ls -l
)? If it does not have permission like 660
(or -rw-------
), then maybe I messed some local configurations.
You need to change to another user, but not root, which is implied if no user is given to sudo su. So if you have a different user called abc on the same machine, you should do sudo su abc, and that should bring you to the state where the file is not accessible.
I created a normal user but it can not start a server. Perhaps it needs to be added some config.
bash-3.2$ python3 -m http.server
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
Traceback (most recent call last):
File "/usr/local/Cellar/python@3.10/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/local/Cellar/python@3.10/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/runpy.py", line 86, in _run_code
exec(code, run_globals)
File "/usr/local/Cellar/python@3.10/3.10.9/Frameworks/Python.framework/Versions/3.10/lib/python3.10/http/server.py", line 1281, in <module>
parser.add_argument('--directory', '-d', default=os.getcwd(),
PermissionError: [Errno 13] Permission denied
bash-3.2$
Bottom line, could you please screenshot the contents inside the build/web/canvaskit folder (via ls -l)?
➜ canvaskit ls -l
total 13920
-rw------- 1 huynq staff 125259 Dec 31 1979 canvaskit.js
-rw------- 1 huynq staff 6999351 Dec 31 1979 canvaskit.wasm
drwxr-xr-x 4 huynq staff 128 Jan 17 17:56 profiling
The canvaskit files (both normal ones and profiling ones, both js and wasm) in build/web folder only has read permission for owner (600).
Comparing to your result above, it means that the owner has full read and write access.
I'm not sure the reason why you had the error with 404 code (as the log at https://github.com/flutter/flutter/issues/118473#issuecomment-1386765305) but maybe it's a permission issue in the system, please check again and give us the information you find.
I see that you have the same permission as I do. That's the problem I pointed out in the first place, i.e. only the owner can access these files. However, if you look at other files, like flutter.js
etc, they are accessible to all users. If you can make them consistent, that'd be great (and will fix this issue in the scenarios I was intented to deploy the Flutter web app).
The 404 is because I don't have other issues, like your user (huynq
) doesn't even have access to the root folder of the project.
Just to be clear, in this comment, I said if you see -rw-------
in listing the canvaskit files, it means it's broken (or expectedly incorrect state).
To make it work for my scenario, I have to change its permissions to -rw-r--r--
(or -rw-rw-r--
) like other files (flutter.js
, main.dart.js
etc.) to make it work. It would be great if flutter build
can fix it during the build process as the canvaskit files are downloaded/imported by that command.
Hey @Kimi-Arthur. Can you confirm if the issue is reproducible with the latest master version of Flutter?
Yes, same problem. Here is what I see when I recursively list the build/web
folder with ls -Rl
:
total 2872
drwxrwxr-x 9 foo primarygroup 288 Jan 25 16:34 assets
drwxrwxr-x 5 foo primarygroup 160 Jan 25 16:33 canvaskit
-rw-r--r--@ 1 foo admin 917 Dec 15 22:50 favicon.png
-rw-rw-r-- 1 foo primarygroup 13910 Jan 25 16:33 flutter.js
-rw-rw-r-- 1 foo primarygroup 7599 Jan 25 16:34 flutter_service_worker.js
drwxrwxr-x 6 foo primarygroup 192 Jan 25 16:34 icons
-rw-rw-r-- 1 foo primarygroup 1827 Jan 25 16:34 index.html
-rw-rw-r-- 1 foo primarygroup 1425761 Jan 25 16:34 main.dart.js
-rw-rw-r-- 1 foo primarygroup 908 Jan 25 16:32 manifest.json
-rw-rw-r-- 1 foo primarygroup 82 Jan 25 16:34 version.json
./assets:
total 3232
-rw-rw-r-- 1 foo primarygroup 56 Jan 25 16:34 AssetManifest.bin
-rw-rw-r-- 1 foo primarygroup 109 Jan 25 16:34 AssetManifest.json
-rw-rw-r-- 1 foo primarygroup 208 Jan 25 16:34 FontManifest.json
-rw-rw-r-- 1 foo primarygroup 1638623 Jan 25 16:34 NOTICES
drwxrwxr-x 3 foo primarygroup 96 Jan 25 16:34 fonts
drwxrwxr-x 3 foo primarygroup 96 Jan 25 16:34 packages
drwxrwxr-x 3 foo primarygroup 96 Jan 25 16:34 shaders
./assets/fonts:
total 16
-rw-rw-r-- 1 foo primarygroup 7504 Jan 25 16:34 MaterialIcons-Regular.otf
./assets/packages:
total 0
drwxrwxr-x 3 foo primarygroup 96 Jan 25 16:34 cupertino_icons
./assets/packages/cupertino_icons:
total 0
drwxrwxr-x 3 foo primarygroup 96 Jan 25 16:34 assets
./assets/packages/cupertino_icons/assets:
total 8
-rw-rw-r-- 1 foo primarygroup 1236 Jan 25 16:34 CupertinoIcons.ttf
./assets/shaders:
total 24
-rw-r--r-- 1 foo primarygroup 9242 Jan 25 16:34 ink_sparkle.frag
./canvaskit:
total 13616
-rw------- 1 foo primarygroup 127640 Dec 31 1979 canvaskit.js
-rw------- 1 foo primarygroup 6836229 Dec 31 1979 canvaskit.wasm
drwxrwxr-x 4 foo primarygroup 128 Jan 25 16:33 profiling
./canvaskit/profiling:
total 18056
-rw------- 1 foo primarygroup 247815 Dec 31 1979 canvaskit.js
-rw------- 1 foo primarygroup 8994456 Dec 31 1979 canvaskit.wasm
./icons:
total 104
-rw-r--r--@ 1 foo admin 5292 Dec 15 22:50 Icon-192.png
-rw-r--r--@ 1 foo admin 8252 Dec 15 22:50 Icon-512.png
-rw-rw-r-- 1 foo admin 5594 Jan 25 16:02 Icon-maskable-192.png
-rw-rw-r-- 1 foo admin 20998 Jan 25 16:02 Icon-maskable-512.png
See the permission diffs of the canvaskit files.
Okay I can reproduce this issue on Master (3.7.0-27.0.pre.25)
. Looks like specifically canvaskit.js
and canvaskit.wasm
only have owner read-write permissions (600), while other files have read-write for owners and read for others (644).
flutter create <app_name>
and cd
into <app_name>
flutter build web
ls -Rl
to list all files recursively with their permissionsLike other files, it should show read-write permissions for owners, and read permissions for group and other users
(-rw-r--r--
)
Notice non-read permissions for group and other users
(-rw-------
)
build/web/canvaskit:
total 13616
-rw------- 1 nabeelparkar staff 127640 Dec 31 1979 canvaskit.js
-rw------- 1 nabeelparkar staff 6836229 Dec 31 1979 canvaskit.wasm
drwxr-xr-x 4 nabeelparkar staff 128 Jan 26 13:05 profiling
build/web/canvaskit/profiling:
total 18056
-rw------- 1 nabeelparkar staff 247815 Dec 31 1979 canvaskit.js
-rw------- 1 nabeelparkar staff 8994456 Dec 31 1979 canvaskit.wasm
Snippet from
ls -Rl
flutter doctor -v
(Master)
Steps to Reproduce
flutter create my_app
flutter build web --dart-define=FLUTTER_WEB_CANVASKIT_URL=canvaskit/ --web-renderer canvaskit
Expected results: Everything served properly and the app loads.
Actual results: All requests complete successfully except the canvaskit files, giving 403 errors.
The canvaskit files (both normal ones and profiling ones, both js and wasm) in build/web folder only has read permission for owner (
600
).Code sample
Omitted, as it should be the default code generated by `flutter create`.Logs
It passes with `flutter run` as that user is the owner (myself). But NGINX uses http as the user. So it produces the following errors: ``` Jan 13 20:10:14 *server* nginx[1483408]: 2023/01/13 20:10:14 [error] 1483408#1483408: *6 open() "/var/server/apps/my-app/canvaskit/canvaskit.js" failed (13: Permission denied), client: *client*, server: my-app.domain-name, request: "GET /canvaskit/canvaskit.js HTTP/1.1", host: "my-app.domain-name", referrer: "https://my-app.domain-name/" Jan 13 20:10:14 *server* nginx[1483408]: *server* nginx: 2023/01/13 20:10:14 [error] 1483408#1483408: *6 open() "/var/server/apps/my-app/canvaskit/canvaskit.js" failed (13: Permission denied), client: *client*, server: my-app.domain-name, request: "GET /canvaskit/canvaskit.js HTTP/1.1", host: "my-app.domain-name", referrer: "https://my-app.domain-name/" Jan 13 20:10:14 *server* nginx[1483408]: *server* nginx: *client* - - [13/Jan/2023:20:10:14 +0000] "GET /canvaskit/canvaskit.js HTTP/1.1" 403 555 "https://my-app.domain-name/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-" ``` ``` Analyzing my_app... No issues found! (ran in 1.7s) ``` ``` [✓] Flutter (Channel stable, 3.3.10, on macOS 13.1 22C65 darwin-arm, locale en-CN) • Flutter version 3.3.10 on channel stable at /opt/homebrew/Caskroom/flutter/3.3.10/flutter • Upstream repository https://github.com/flutter/flutter.git • Framework revision 135454af32 (4 weeks ago), 2022-12-15 07:36:55 -0800 • Engine revision 3316dd8728 • Dart version 2.18.6 • DevTools version 2.15.0 • Pub download mirror https://pub.flutter-io.cn • Flutter download mirror https://storage.flutter-io.cn [✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0) • Android SDK at /Users/jingbian/Library/Android/sdk • Platform android-33, build-tools 33.0.0 • Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java • Java version OpenJDK Runtime Environment (build 11.0.13+0-b1751.21-8125866) • All Android licenses accepted. [✓] Xcode - develop for iOS and macOS (Xcode 14.2) • Xcode at /Applications/Xcode.app/Contents/Developer • Build 14C18 • CocoaPods version 1.11.3 [✓] Chrome - develop for the web • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome [✓] Android Studio (version 2021.3) • Android Studio at /Applications/Android Studio.app/Contents • Flutter plugin can be installed from: 🔨 https://plugins.jetbrains.com/plugin/9212-flutter • Dart plugin can be installed from: 🔨 https://plugins.jetbrains.com/plugin/6351-dart • Java version OpenJDK Runtime Environment (build 11.0.13+0-b1751.21-8125866) [✓] IntelliJ IDEA Ultimate Edition (version 2021.3.3) • IntelliJ at /Applications/IntelliJ UE (stable).app • Flutter plugin can be installed from: 🔨 https://plugins.jetbrains.com/plugin/9212-flutter • Dart plugin version 213.7371 [✓] VS Code (version 1.74.2) • VS Code at /Applications/Visual Studio Code.app/Contents • Flutter extension can be installed from: 🔨 https://marketplace.visualstudio.com/items?itemName=Dart-Code.flutter [✓] Connected device (2 available) • macOS (desktop) • macos • darwin-arm64 • macOS 13.1 22C65 darwin-arm • Chrome (web) • chrome • web-javascript • Google Chrome 108.0.5359.124 [✓] HTTP Host Availability • All required HTTP hosts are available • No issues found! ```