getfider / fider

Open platform to collect and prioritize feedback
https://fider.io
GNU Affero General Public License v3.0

[BUG] Suggestion search or filter crashes #1152

Closed alcalyn closed 2 months ago

alcalyn commented 7 months ago

Fider Cloud or Self Hosted: Self hosted. Version: not sure, I pulled the latest image from Docker Hub this month.

Describe the bug: I can reproduce it on my hosted version at https://feedback.alcalyn.app/, but not on your version https://feedback.fider.io/

To Reproduce

  1. Go to suggestions list
  2. Either select a filter (trending, recent, ...) or type a single character in search bar

I get "Shoot! Well, this is unexpected…"

And I have this JavaScript error:

DOMException: The operation is insecure.
    replaceState navigator.ts:19
    changeFilterCriteria PostsContainer.tsx:48

Expected behavior: Should filter suggestions as in your version.

alcalyn commented 6 months ago

I found what the error is.

In Fider.settings.baseURL I have the wrong protocol, http instead of https (http://feedback.alcalyn.app/ instead of https://feedback.alcalyn.app/).

It leads to the following error:

DOMException: Failed to execute 'replaceState' on 'History': A history state object with URL 'http://feedback.alcalyn.app/?view=recent' cannot be created in a document with origin

I installed Fider using Docker, behind nginx with Let's Encrypt. When I check the logs, Docker receives requests without https:

INFO [2023-12-13T17:23:46Z] [WEB] GET http://feedback.alcalyn.app/ started
INFO [2023-12-13T17:23:46Z] [WEB] GET http://feedback.alcalyn.app/ finished with 200 in 130ms (committed)
INFO [2023-12-13T17:23:46Z] [WEB] GET http://feedback.alcalyn.app/_api/notifications/unread/total started
INFO [2023-12-13T17:23:46Z] [WEB] GET http://feedback.alcalyn.app/_api/notifications/unread/total finished with 200 in 25ms (committed)

I set the correct BASE_URL in my docker-compose.yml:

  app:
    environment:
      # Public Host Name
      BASE_URL: https://feedback.alcalyn.app

and restarted it, but the error is still there.

I checked the JSON inside document.getElementById("server-data") and the base URL is without https.

The server is sending the wrong base URL (assetsURL is set correctly):

  "settings": {
    "assetsURL": "https://feedback.alcalyn.app",
    "baseURL": "http://feedback.alcalyn.app",
     ...

I think the server is either sending this baseUrl from a cached variable (probably I missed the https and fixed it later), or is building the baseUrl from RequestContext, which is not possible when behind nginx, because the https is missing there. The server should either use BASE_URL from the env, or build it on the front-end side from the current URL.

In the Docker container, the env var is also set correctly:

root@19af12bc51c9:/app# echo $BASE_URL
https://feedback.alcalyn.app

I looked in the Go code, but I'm not fluent in this language!

alcalyn commented 5 months ago

I looked at this again. I could make it work by adding this to my nginx config:

server {
    listen 443;
    server_name feedback.alcalyn.app;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://0.0.0.0:....;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    ssl_certificate ...
    ssl_certificate_key ...
}
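
Review bot: `listen 443;` at the top of this server block has no `ssl` parameter, so unless TLS is enabled for the listener in a part of the config that is not shown, `$scheme` on the added `proxy_set_header X-Forwarded-Proto $scheme;` line evaluates to http and the backend still sees the wrong protocol. Use `listen 443 ssl;` so the header carries https. The added line sits in the same `location /` as the other `proxy_set_header` directives, which is correct: it replaces any X-Forwarded-Proto value sent by the client rather than passing it through.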

This way, the Fider app now has "https" in its web context.

Thanks to https://stackoverflow.com/questions/34656273/how-to-handle-nginx-reverse-proxy-https-to-http-scheme-redirect
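
The behaviour discussed in this thread, as an added Go example that is not Fider's code and not part of any comment: a server behind a TLS-terminating proxy only sees plain HTTP, so it has to take the scheme from X-Forwarded-Proto, and should accept that header only from a peer it trusts. The names `RequestBaseURL`, `fromTrustedProxy`, `trustedProxies` and `sampleRequest`, the proxy address ranges and the host `feedback.example.test` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Assumption: nginx reaches the app over loopback or a Docker bridge network.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("127.0.0.0/8"), netip.MustParsePrefix("172.16.0.0/12")}

func fromTrustedProxy(remoteAddr string) bool {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return false
	}
	for _, p := range trustedProxies {
		if p.Contains(ap.Addr().Unmap()) {
			return true
		}
	}
	return false
}

// RequestBaseURL honours X-Forwarded-Proto only from a trusted proxy and only for http/https.
func RequestBaseURL(r *http.Request) string {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	proto := strings.ToLower(strings.TrimSpace(r.Header.Get("X-Forwarded-Proto")))
	if fromTrustedProxy(r.RemoteAddr) && (proto == "http" || proto == "https") {
		scheme = proto
	}
	return scheme + "://" + r.Host
}

// sampleRequest builds a constructed request as the app receives it from the proxy.
func sampleRequest(remoteAddr, forwardedProto string) *http.Request {
	r, _ := http.NewRequest("GET", "http://feedback.example.test/?view=recent", nil)
	r.RemoteAddr = remoteAddr
	r.Header.Set("X-Forwarded-Proto", forwardedProto)
	return r
}

func main() {
	fmt.Println(RequestBaseURL(sampleRequest("172.18.0.1:40000", "")), RequestBaseURL(sampleRequest("172.18.0.1:40000", "https")))
}
```

Without the header the result is an http:// base URL, which a page loaded over https cannot pass to `replaceState`; with the header set by the proxy the origins match.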

pierreavn commented 4 months ago

Hi, even if I force the X-Forwarded-Proto header to https, the search is still crashing, with http://mydomain.com as the "Take me back" URL. The X-Forwarded-Host header seems to work. Do you have any idea about it?