Closed cvandesande closed 5 years ago
GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/2938 ("CSRF check failed" error message), https://github.com/nextcloud/server/issues/8467 (NextCloud 13 folder/file display bug), https://github.com/nextcloud/server/issues/8370 (strange mistake with drag end drop web file interfaces), https://github.com/nextcloud/server/issues/10895 (LDAP Users missed files folder in home folder; but show on web interface (nextcloud 13.0.4)), and https://github.com/nextcloud/server/issues/8310 (Disable web app by own cloud interface (NO NEXTCLOUD THEME)).
Also experiencing this problem. Effectively a fresh install (I added a handful of official apps and camerarawpreviews).
Can confirm that dragging a folder from the desktop onto a group shared folder will trigger the error but navigating into the group shared folder and dragging the folder to white space will upload just fine.
This is happening with the files stored locally on the NextCloud system.
Server configuration Operating system: FreeBSD 11.2 (iocage jail on FreeNAS box) Web server: Apache 2.4.34 Database: MySQL 5.6.41 PHP version: 7.1.21 Nextcloud version: 14.0.0 Updated from an older Nextcloud/ownCloud or fresh install: New Where did you install Nextcloud from: Ports Collection
I am also having this issue, the problem arises when you drag and drop a folder onto an existing folder. This is a pretty bad bug and needs to be fixed as it prevents the upload from succeeding.
Thanks for your help
I am also having this problem. -
Specifically: Drag & Drop mp3 files onto an existing (group shared) album folder in files app.
Interestingly, about half of the files succeeded the half not copied: "CSRF check not passed"
Guest OS: Win 10 Pro Guest Browser: Google Chrome: 71.0.3578.98 Server OS: Debian 9.5 Web Server: Apache 2.4.25 Database: MySQL 10.1.26 PHP: 7.1.22 NextCloud Server: 14.0.1 - Update pending Updated from an older NextCloud/ownCloud or fresh install: New Where did you install NextCloud from: zip download, nextcloud website
Hi there, also have this problem with a fresh snap install :(
Experiencing the same issue when dragging a folder to the browser.
I can confirm that this is an issue on FF with the latest server master. A little debugging tells me the DAV requests to create the folder and upload the files do not all have a request token set. MKCOL
and PROPFIND
do, PUT
does not. This might be an issue with the davclient lib.
I can confirm that this is an issue on FF with the latest server master. A little debugging tells me the DAV requests to create the folder and upload the files do not all have a request token set.
MKCOL
andPROPFIND
do,PUT
does not. This might be an issue with the davclient lib.
cc @skjnldsv @danxuliu
@danxuliu is already debugging it.
This is still an issue on the latest Nextcloud release (25.0.3). I dragged and dropped about 3GB of folders (with LOTS of tiny files) onto an empty folder on the files app. My browser is Firefox.
I DID NOT drop a folder into a folder, I dropped three folders into an opened empty folder.
I am behind a reverse proxy, in case that matters.
Same issue with my Nextcloud. Also using 25.0.3, also behind a reverse proxy, also trying to upload a folder into a folder.
same issue when navigating into the folder
same issues when drag files to folder.
same issues when drag files to folder.
Yes, same here
Commenting on this resolved ticket is a bit pointless. If the bug returned it means there is a regression. Please file a ticket.
Is there a new open issue for this. I am experiencing the same thing. Kind of scary as I often delete content that has been copied to Nextcloud this way and it is not always easy to identify files that has not been copied over in a larger folder structure.
I believe it is due to the cookie. So, you should clear the cookie history as well as log out and re-log in NC and your web application.
"CSRF check not passed" message will disappear and commands MKCOL and the like will work well.
Steps to reproduce
Expected behaviour
No error messages in window, and contents in uploaded folders
Actual behaviour
CSRF check not passed error displayed, no contents in uploaded folders.
Server configuration
Operating system: Custom Docker image based off Alpine 3.8
Web server: Nginx 1.14.0
Database: MariaDB 10.2.17
PHP version: 7.2.9
Nextcloud version: 13.0.6
Updated from an older Nextcloud/ownCloud or fresh install: Updated from previous Nextcloud (Docker container rebuilt, occ upgrade run)
Where did you install Nextcloud from: Downloaded tarball from https://download.nextcloud.com/server/releases/
Signing status:
Signing status
``` No errors have been found. ```List of activated apps:
App list
/var/www/html # su www-data -s /bin/sh -c 'php /nextcloud/occ app:list' Enabled: - activity: 2.6.1 - admin_audit: 1.3.0 - bruteforcesettings: 1.1.0 - calendar: 1.6.1 - comments: 1.3.0 - contacts: 2.1.5 - dav: 1.4.7 - federatedfilesharing: 1.3.1 - federation: 1.3.0 - files: 1.8.0 - files_sharing: 1.5.0 - files_texteditor: 2.5.1 - files_trashbin: 1.3.0 - files_versions: 1.6.0 - files_videoplayer: 1.2.0 - firstrunwizard: 2.2.1 - gallery: 18.0.0 - logreader: 2.0.0 - lookup_server_connector: 1.1.0 - mail: 0.8.3 - nextcloud_announcements: 1.2.0 - notes: 2.4.1 - notifications: 2.1.2 - oauth2: 1.1.1 - password_policy: 1.3.0 - provisioning_api: 1.3.0 - serverinfo: 1.3.0 - sharebymail: 1.3.0 - spreed: 3.2.5 - survey_client: 1.1.0 - systemtags: 1.3.0 - theming: 1.4.5 - twofactor_backupcodes: 1.2.3 - twofactor_totp: 1.4.1 - twofactor_u2f: 1.5.5 - updatenotification: 1.3.0 - workflowengine: 1.3.0 Disabled: - encryption - files_external - files_pdfviewer - user_external - user_ldapNextcloud configuration:
Config report
' { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "owncloud.opendmz.com", "nextcloud.opendmz.com" ], "apps_paths": [ { "path": "\/nextcloud\/apps", "url": "\/apps", "writable": false }, { "path": "\/nextcloud\/apps2", "url": "\/apps2", "writable": true } ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "13.0.6.1", "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "forwarded_for_headers": [ "HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR" ], "overwriteprotocol": "https", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "forcessl": false, "mail_smtpmode": "smtp", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "465", "loglevel": 0, "theme": "", "maintenance": false, "secret": "***REMOVED SENSITIVE VALUE***", "filesystem_check_changes": 1, "filelocking.enabled": "false", "memcache.local": "\\OC\\Memcache\\APCu", "memcache.distributed": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 6379, "timeout": 0, "dbindex": 0 }, "trashbin_retention_obligation": "auto", "overwrite.cli.url": "https:\/\/owncloud.opendmz.com", "mail_smtpauthtype": "LOGIN", "mail_smtpsecure": "ssl" } }Are you using external storage, if yes which one: local network NFS share
Are you using encryption: no
Are you using an external user-backend, if yes which one: No
Client configuration
Browser: Firefox or Chromium
Operating system: Arch Linux
Logs
Web server error log
Web server error log
Many entries like the below, 401 error. ``` nginx_1 |Nextcloud log (data/nextcloud.log)
Nextcloud log
``` Insert your Nextcloud log here Debug | webdav | Sabre\DAV\Exception\NotAuthenticated: CSRF check not passed./nextcloud/apps/dav/lib/Connector/Sabre/Auth.php - line 155: OCA\DAV\Connector\Sabre\Auth->auth(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php - line 201: OCA\DAV\Connector\Sabre\Auth->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php - line 150: Sabre\DAV\Auth\Plugin->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/nextcloud/apps/dav/appinfo/v1/webdav.php - line 80: Sabre\DAV\Server->exec()/nextcloud/remote.php - line 164: require_once('/nextcloud/apps...'){main} -- | -- | -- ```Browser log
Browser log
``` send @ core.js?v=5c5ae5ee-5:4 ajax @ core.js?v=5c5ae5ee-5:4 send @ merged-index.js?v=5c5ae5ee-5:2713 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 x @ core.js?v=5c5ae5ee-5:4 (anonymous) @ core.js?v=5c5ae5ee-5:4 load (async) send @ core.js?v=5c5ae5ee-5:4 ajax @ core.js?v=5c5ae5ee-5:4 send @ merged-index.js?v=5c5ae5ee-5:2713 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 x @ core.js?v=5c5ae5ee-5:4 (anonymous) @ core.js?v=5c5ae5ee-5:4 load (async) send @ core.js?v=5c5ae5ee-5:4 ajax @ core.js?v=5c5ae5ee-5:4 send @ merged-index.js?v=5c5ae5ee-5:2713 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 add @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 each @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 a.Deferred @ core.js?v=5c5ae5ee-5:7 then @ core.js?v=5c5ae5ee-5:2 _onSend @ merged-index.js?v=5c5ae5ee-5:2757 (anonymous) @ core.js?v=5c5ae5ee-5:13 data.submit @ merged-index.js?v=5c5ae5ee-5:2481 (anonymous) @ merged-index.js?v=5c5ae5ee-5:571 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 (anonymous) @ merged-index.js?v=5c5ae5ee-5:837 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 (anonymous) @ client.js?v=5c5ae5ee-5:704 Promise.then (async) _simpleCall @ client.js?v=5c5ae5ee-5:701 createDirectory @ client.js?v=5c5ae5ee-5:722 (anonymous) @ merged-index.js?v=5c5ae5ee-5:833 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 (anonymous) @ merged-index.js?v=5c5ae5ee-5:837 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 (anonymous) @ client.js?v=5c5ae5ee-5:707 Promise.then (async) _simpleCall @ client.js?v=5c5ae5ee-5:701 createDirectory @ client.js?v=5c5ae5ee-5:722 (anonymous) @ merged-index.js?v=5c5ae5ee-5:833 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 add @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 each @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 a.Deferred @ core.js?v=5c5ae5ee-5:7 then @ core.js?v=5c5ae5ee-5:2 ensureFolderExists @ merged-index.js?v=5c5ae5ee-5:832 ensureFolderExists @ merged-index.js?v=5c5ae5ee-5:829 submit @ merged-index.js?v=5c5ae5ee-5:524 (anonymous) @ merged-index.js?v=5c5ae5ee-5:860 _.each._.forEach @ core.js?v=5c5ae5ee-5:166 submitUploads @ merged-index.js?v=5c5ae5ee-5:858 onNoConflicts @ merged-index.js?v=5c5ae5ee-5:1257 checkExistingFiles @ merged-index.js?v=5c5ae5ee-5:1061 add @ merged-index.js?v=5c5ae5ee-5:1275 _trigger @ core.js?v=5c5ae5ee-5:13 (anonymous) @ merged-index.js?v=5c5ae5ee-5:2844 each @ core.js?v=5c5ae5ee-5:2 _onAdd @ merged-index.js?v=5c5ae5ee-5:2837 (anonymous) @ core.js?v=5c5ae5ee-5:13 (anonymous) @ merged-index.js?v=5c5ae5ee-5:3082 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 (anonymous) @ merged-index.js?v=5c5ae5ee-5:2905 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 (anonymous) @ core.js?v=5c5ae5ee-5:2 j @ core.js?v=5c5ae5ee-5:2 fireWith @ core.js?v=5c5ae5ee-5:2 e.(anonymous function) @ core.js?v=5c5ae5ee-5:2 (anonymous) @ merged-index.js?v=5c5ae5ee-5:2928 core.js?v=5c5ae5ee-5:4 PUT https://owncloud.opendmz.com/remote.php/webdav/Documents/New%20Folder1/Text%20File%20(3) 401 (Unauthorized) ```