nextcloud / mail

💌 Mail app for Nextcloud
https://apps.nextcloud.com/apps/mail
GNU Affero General Public License v3.0

Some images not loading through proxy #8829

Open JanGross opened 1 year ago

JanGross commented 1 year ago

Steps to reproduce

Whenever I open mail from one particular sender (a newsletter) the images won't load. What I do is

  1. Open the mail
  2. Click show images
  3. Observe a bunch of 500s in the network tab
  4. Nextcloud log shows the error Host violates local access rule being thrown

Expected behavior

The proxy returns the remote image

Actual behavior

The following error is logged:

```json
{
  "reqId": "lEm8bVBMZ2LiEcWKa8UE",
  "level": 3,
  "time": "2023-09-03T21:22:06+00:00",
  "remoteAddr": "31.150.244.142",
  "user": "Minz",
  "app": "index",
  "method": "GET",
  "url": "/apps/mail/proxy?src=https%3A%2F%2Ffiguya.com%2Fuploads%2Fproduct%2Fprofile_picture%2F53443%2Fprofile_nendoroid-2249-shinigami20230825-4074535-d7axjo.png&requesttoken=tDeiG+bkc0IHas7eum94UD9qro036RJr",
  "message": "Host violates local access rules",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
  "version": "27.0.2.1",
  "exception": {
    "Exception": "OCP\\Http\\Client\\LocalServerException",
    "Message": "Host violates local access rules",
    "Code": 0,
    "Trace": [
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php", "line": 35, "function": "OC\\Http\\Client\\{closure}", "class": "OC\\Http\\Client\\DnsPinMiddleware", "type": "->", "args": [ "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php", "line": 31, "function": "__invoke", "class": "GuzzleHttp\\PrepareBodyMiddleware", "type": "->", "args": [ "*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php", "line": 71, "function": "GuzzleHttp\\{closure}", "class": "GuzzleHttp\\Middleware", "type": "::", "args": [ "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php", "line": 63, "function": "__invoke", "class": "GuzzleHttp\\RedirectMiddleware", "type": "->", "args": [ "*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php", "line": 75, "function": "GuzzleHttp\\{closure}", "class": "GuzzleHttp\\Middleware", "type": "::", "args": [ "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php", "line": 331, "function": "__invoke", "class": "GuzzleHttp\\HandlerStack", "type": "->", "args": [ "*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php", "line": 168, "function": "transfer", "class": "GuzzleHttp\\Client", "type": "->", "args": [ "*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php", "line": 187, "function": "requestAsync", "class": "GuzzleHttp\\Client", "type": "->", "args": [ "*** sensitive parameters replaced ***" ] },
      { "file": "/var/www/html/lib/private/Http/Client/Client.php", "line": 226, "function": "request", "class": "GuzzleHttp\\Client", "type": "->", "args": [ "*** sensitive parameters replaced ***", "https://figuya.com/uploads/product/profile_picture/53443/profile_nendoroid-2249-shinigami20230825-4074535-d7axjo.png", [ "/var/www/html/data/files_external/rootcerts.crt", 30, [ [ "Closure" ] ], [ false ], [ "Nextcloud Server Crawler", "gzip" ], "And 1 more entries, set log level to debug to see all entries" ] ] },
      { "file": "/var/www/html/custom_apps/mail/lib/Controller/ProxyController.php", "line": 120, "function": "get", "class": "OC\\Http\\Client\\Client", "type": "->", "args": [ "https://figuya.com/uploads/product/profile_picture/53443/profile_nendoroid-2249-shinigami20230825-4074535-d7axjo.png" ] },
      { "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php", "line": 230, "function": "proxy", "class": "OCA\\Mail\\Controller\\ProxyController", "type": "->", "args": [ "https://figuya.com/uploads/product/profile_picture/53443/profile_nendoroid-2249-shinigami20230825-4074535-d7axjo.png" ] },
      { "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php", "line": 137, "function": "executeController", "class": "OC\\AppFramework\\Http\\Dispatcher", "type": "->", "args": [ [ "OCA\\Mail\\Controller\\ProxyController" ], "proxy" ] },
      { "file": "/var/www/html/lib/private/AppFramework/App.php", "line": 183, "function": "dispatch", "class": "OC\\AppFramework\\Http\\Dispatcher", "type": "->", "args": [ [ "OCA\\Mail\\Controller\\ProxyController" ], "proxy" ] },
      { "file": "/var/www/html/lib/private/Route/Router.php", "line": 315, "function": "main", "class": "OC\\AppFramework\\App", "type": "::", "args": [ "OCA\\Mail\\Controller\\ProxyController", "proxy", [ "OC\\AppFramework\\DependencyInjection\\DIContainer" ], [ "mail.proxy.proxy" ] ] },
      { "file": "/var/www/html/lib/base.php", "line": 1071, "function": "match", "class": "OC\\Route\\Router", "type": "->", "args": [ "/apps/mail/proxy" ] },
      { "file": "/var/www/html/index.php", "line": 36, "function": "handleRequest", "class": "OC", "type": "::", "args": [] }
    ],
    "File": "/var/www/html/lib/private/Http/Client/DnsPinMiddleware.php",
    "Line": 139,
    "CustomMessage": "--"
  }
}
```

Mail app version

3.1.1

Mailserver or service

local mailserver

Operating system

Ubuntu 22.04 with Docker running the base version using Apache

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database

MySQL

Additional info

Not sure whether this is a configuration or DNS issue (since DnsPinMiddleware is mentioned)

I confirmed that the remote image is accessible. Both from the host as well as inside the container running Nextcloud.

I checked other mails from various senders and those images seemed to load just fine.

ChristophWurst commented 1 year ago

Is the host https://figuya.com yours? Nextcloud blocks access to hosts if they point to local IPs.

ChristophWurst commented 1 year ago

Log into your Nextcloud host and try to resolve the IP of the remote host:

```
$ nslookup figuya.com
Server:     192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:   figuya.com
Address: 85.215.98.108
```

JanGross commented 1 year ago

> Is the host https://figuya.com/ yours? Nextcloud blocks access to hosts if they point to local IPs.

No, it's a 3rd party site and afaict their hosting is with a completely different provider as well.

> Log into your Nextcloud host and try to resolve the IP of the remote host:

Resolves to the same address when I query from my Nextcloud host

```
;; ANSWER SECTION:
figuya.com.             3475    IN      A       85.215.98.108

;; Query time: 4 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Mon Sep 04 14:26:21 UTC 2023
```

The host itself has 207.180.206.5
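
As an added example (not code from Nextcloud or from anyone in this thread), the Python sketch below classifies every address a hostname resolves to the way a local-access rule of the kind described above would see it. A single loopback, private, link-local or otherwise non-global record fails the whole host. The exact ranges Nextcloud checks are an assumption here, and `classify`, `offending` and `resolve_all` are hypothetical helper names.

```python
import ipaddress
import socket


def classify(addr: str) -> str:
    """Label one resolved address as a local-access (SSRF) rule would see it."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as the IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "non-global"  # e.g. 100.64.0.0/10 shared address space
    return "public"


def offending(addresses):
    """Return (address, label) for every record that is not public."""
    labelled = [(a, classify(a)) for a in addresses]
    return [(a, label) for a, label in labelled if label != "public"]


def resolve_all(host: str):
    """All A and AAAA addresses the system resolver returns (needs network)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Addresses quoted in the thread: the A record, the host's own IP, and the
# two resolver addresses shown in the nslookup/dig output.
THREAD = ["85.215.98.108", "207.180.206.5", "192.168.1.1", "127.0.0.11"]

# Constructed record set: a public A record (value reused from the thread)
# next to constructed AAAA records, to show one local record fails the set.
CONSTRUCTED = ["85.215.98.108", "fd12:3456:789a::1", "::ffff:10.0.0.5"]

if __name__ == "__main__":
    for name, records in (("thread", THREAD), ("constructed", CONSTRUCTED)):
        print(name, offending(records) or "all public")
```

On the Nextcloud host or inside the container, `offending(resolve_all("<hostname>"))` lists any A or AAAA record that such a rule would reject, including records a query for the A record alone does not show.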

nextcloud-command commented 1 week ago

Hi there! It looks like this issue hasn’t seen much activity for a while and might need a bit more information to move forward. If we don’t hear back soon, we may close it to keep things organized. Thanks again for your contributions – we really appreciate it!