search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.42k stars 4.07k forks source link

Not possible to login after updating on 16 Beta2 #14916

Closed ghost closed 5 years ago

ghost commented 5 years ago

Steps to reproduce

  1. In Browser call the nextcloud-instance
  2. Fill in Username and -passwort
  3. Try to submit the data by clicking the login-button or use ENTER

Expected behaviour

Login-button should react and login should be possible

Actual behaviour

Login-Button does not respond; login not possible (also using ENTER does not respond) for any user/admin. Remote Desktopclient 2.5.1 can login and is working.

Server configuration

Operating system: Debian 9.8

Web server: NGINX 1.15.9

Database: MariaDB 10.3.13

PHP version: PHP 7.2.16

Nextcloud version: 16.0.0.4 (16 Beta 2)

Updated from: 15.05

Where did you install Nextcloud from: through updater using release channel beta

Signing status: login not possible, information cannot be retrieved

List of activated apps: Enabled:

- apporder: 0.6.0
- bruteforcesettings: 1.3.0
- calendar: 1.6.4
- circles: 0.17.1
- cloud_federation_api: 0.2.0
- comments: 1.6.0
- dav: 1.9.2
- deck: 0.5.2
- defaultgroup: 0.3.0
- defaultlinkopen: 1.2.0
- event_update_notification: 0.3.4
- extract: 0.0.4
- federatedfilesharing: 1.6.0
- files: 1.11.0
- files_antivirus: 2.0.1
- files_clipboard: 0.7.1
- files_frommail: 0.2.0
- files_pdfviewer: 1.5.0
- files_rightclick: 0.13.0
- files_sharing: 1.8.0
- files_trashbin: 1.6.0
- files_versions: 1.9.0
- firstrunwizard: 2.5.0
- groupfolders: 2.0.4
- groupquota: 0.1.0
- impersonate: 1.2.0
- logreader: 2.1.0
- lookup_server_connector: 1.4.0
- mail: 0.11.0
- oauth2: 1.4.2
- password_policy: 1.6.0
- provisioning_api: 1.6.0
- quota_warning: 1.4.0
- ransomware_protection: 1.3.0
- social: 0.1.4
- tasks: 0.9.8
- twofactor_backupcodes: 1.5.0
- updatenotification: 1.6.0
- workflowengine: 1.6.0

Disabled:

  - accessibility
  - activity
  - admin_audit
  - encryption
  - federation
  - files_external
  - files_reader
  - files_texteditor
  - files_videoplayer
  - gallery
  - nextcloud_announcements
  - notifications
  - serverinfo
  - sharebymail
  - support
  - survey_client
  - systemtags
  - theming
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "**REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "16.0.0.4",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "3306",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "default_language": "de",
        "default_locale": "de",
        "force_locale": "de",
        "defaultapp": "files",
        "knowledgebaseenabled": true,
        "allow_user_to_change_display_name": false,
        "session_lifetime": 28800,
        "session_keepalive": true,
        "auth.bruteforce.protection.enabled": true,
        "skeletondirectory": "\/var\/nc_data\/skeleton",
        "share_folder": "\/Zentrale Teamordner",
        "theme": "",
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "ldapIgnoreNamingRules": false,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpdebug": false,
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtptimeout": 15,
        "mail_smtpsecure": "ssl",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_template_class": "\\OC\\Mail\\EMailTemplate",
        "overwriteprotocol": "https",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***",
        "htaccess.RewriteBase": "\/",
        "trashbin_retention_obligation": "auto, 7",
        "appcodechecker": true,
        "updatechecker": true,
        "updater.release.channel": "beta",
        "integrity.check.disabled": true,
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "logfilemode": 416,
        "loglevel": 3,
        "logtimezone": "Europe\/Berlin",
        "log_rotate_size": 52428800,
        "cron_log": true,
        "enable_previews": true,
        "preview_max_x": 1024,
        "preview_max_y": 1024,
        "preview_max_filesize_image": 50,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP"
        ],
        "maintenance": false,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 1.5
        },
        "activity_expire_days": 28,
        "blacklisted_files": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db"
        ],
        "quota_include_external_storage": false,
        "filesystem_check_changes": 0,
        "filelocking.enabled": true,
        "filelocking.ttl": 3600,
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "apporder",
            "calendar",
            "deck",
            "defaultlinkopen",
            "impersonate",
            "mail",
            "files_markdown",
            "quota_warning",
            "ransomware_protection",
            "tasks",
            "files_automatedtagging",
            "files_accesscontrol",
            "user_saml",
            "announcementcenter",
            "admin_notifications",
            "files_clipboard",
            "files_reader",
            "defaultgroup"
        ]
    }
}

Are you using external storage, if yes which one: No

Are you using encryption: No

Are you using an external user-backend, if yes which one: No

Client configuration

Browser: Chrome 73.0.3683.86 (Offizieller Build) (64-Bit)

Operating system: Windows10 home

See also #14889

kesselb commented 5 years ago

Logs?

ghost commented 5 years ago

@kesselb
The logs don't show much:

/var/log/nginx/error.log: empty

/var/log/nginx/acces.log: only shows a lot of 

127.0.0.1 - - [30/Mar/2019:15:57:25 +0100] "GET /stub_status HTTP/1.1" 200 102 "-" "-"

/var/log/nextcloud/error.log: empty

/var/log/nextcloud/acces.log: mainly entries for remote client. But found this for the login by browser

***REMOVED SENSITIVE VALUE*** - - [30/Mar/2019:16:22:54 +0100] "GET /login HTTP/2.0" 200 3785 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" "-" "***REMOVED SENSITIVE VALUE***" sn="***REMOVED SENSITIVE VALUE***" rt=0.226 ua="unix:/run/php/php7.2-fpm.sock" us="200" ut="0.226" ul="12642" cs=-
***REMOVED SENSITIVE VALUE*** - - [30/Mar/2019:16:22:54 +0100] "GET /core/img/manifest.json HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" "-" "***REMOVED SENSITIVE VALUE***" sn="***REMOVED SENSITIVE VALUE***" rt=0.043 ua="unix:/run/php/php7.2-fpm.sock" us="302" ut="0.043" ul="17" cs=-
***REMOVED SENSITIVE VALUE*** - - [30/Mar/2019:16:22:54 +0100] "GET /login HTTP/2.0" 200 3777 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" "-" "***REMOVED SENSITIVE VALUE***" sn="***REMOVED SENSITIVE VALUE***" rt=0.053 ua="unix:/run/php/php7.2-fpm.sock" us="200" ut="0.053" ul="12640" cs=-`

/var/log/nextcloud/nextcloud.log: empty as well

But the Chrome-Console may be more reveiling:

login:1 Error with Feature-Policy header: Unrecognized feature: 'notifications'.
login:1 Error with Feature-Policy header: Unrecognized feature: 'push'.
login:1 Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
main.js?v=9839ca7a:278 JQMIGRATE: Migrate is installed, version 1.4.1
comments.js?v=9839ca7a:16 Uncaught TypeError: Cannot set property formatLinksRich of #<Object> which has only a getter
    at HTMLDocument.apply (comments.js?v=9839ca7a:16)
    at u (main.js?v=9839ca7a:39)
    at Object.fireWith [as resolveWith] (main.js?v=9839ca7a:39)
    at Function.ready (main.js?v=9839ca7a:39)
    at HTMLDocument.O (main.js?v=9839ca7a:39)
apply @ comments.js?v=9839ca7a:16
u @ main.js?v=9839ca7a:39
fireWith @ main.js?v=9839ca7a:39
ready @ main.js?v=9839ca7a:39
O @ main.js?v=9839ca7a:39
DevTools failed to parse SourceMap: https://***REMOVED SENSITIVE VALUE***/core/js/dist/main.js.map
204Unchecked runtime.lastError: The message port closed before a response was received.
DevTools failed to parse SourceMap: https://***REMOVED SENSITIVE VALUE***/core/js/dist/share_backend.js.map
manifest.json:1 Manifest: Line: 1, column: 1, Unexpected token.
MorrisJobke commented 5 years ago

Error with Feature-Policy header: Unrecognized feature: 'notifications'.

What is this? Could you give us the output of curl -i https://your.domain.com/login?

MorrisJobke commented 5 years ago

We can't reproduce here - it seems to be a setup related issue.

jookk commented 5 years ago

Delete that feature -policy http header from apache? vhost / .htaccess.

ghost commented 5 years ago

@jookk I'm not on apache. I'm using only nginx. Nginx-config has'nt changed since nc14 up to nc 15.05 and everything was working fine. It broke on nc16 beta 2 (the first 16er I was testing). Tomorrow in the office I will see what the output for the curl-command will show.

ghost commented 5 years ago

@MorrisJobke For the setup I'm basically using the guide by Carsten Rieger in the predecessor-version.

Here the output of the curl-command:

HTTP/2 200
server: nginx
date: Thu, 04 Apr 2019 05:50:52 GMT
content-type: text/html; charset=UTF-8
content-length: 8497
vary: Accept-Encoding
set-cookie: oc2gj4kuc98f=vhb5q3ctm72s3qimiqpd9k68v8; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
set-cookie: oc_sessionPassphrase=r6AjYlhoyy6beu454JzBjV5iTJ%2FY8iUz9wuIVK7%2FsRyLSaMgEdQZWo0VmHWVZXsyN2Nl8J69L3mOUjA3vnuNFPxtlUEb9L2COIPPiRYBIP5wW3Hy9Eh5a%2Byg9VYCl%2B%2BN; path=/; secure; HttpOnly
x-frame-options: SAMEORIGIN
set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
cache-control: no-cache, no-store, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self'
strict-transport-security: max-age=15768000; includeSubDomains; preload;
x-robots-tag: none
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
feature-policy: accelerometer 'none'; autoplay 'self'; geolocation 'none'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://***REMOVED SENSITIVE VALUE***; microphone 'self'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'self'; fullscreen 'self'; payment 'none'; usb 'none'

<!DOCTYPE html>
<html class="ng-csp" data-placeholder-focus="false" lang="de" data-locale="de" >
        <head
 data-requesttoken="aG8go3/5FeQc63OTdD8tYkuuUnw4/GTSyGVBi1TW96s=:JVhI8hrPcJMl2jvHRQ4bOAGXGigKygi4vw4q+22Uu9I=">
                <meta charset="utf-8">
                <title>
                SETH            </title>
                <meta http-equiv="X-UA-Compatible" content="IE=edge">
                <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
                <meta name="apple-itunes-app" content="app-id=1125420102">
                <meta name="theme-color" content="#0082c9">
                <link rel="icon" href="/core/img/favicon.ico">
                <link rel="apple-touch-icon-precomposed" href="/core/img/favicon-touch.png">
                <link rel="mask-icon" sizes="any" href="/core/img/favicon-mask.svg" color="#0082c9">
                <link rel="manifest" href="/core/img/manifest.json">
                <link rel="stylesheet" href="/apps/deck/css/activity.css?v=7822d1b1-19">
<link rel="stylesheet" href="/apps/apporder/css/apporder.css?v=9095b976-19">
<link rel="stylesheet" href="/apps/files_pdfviewer/css/style.css?v=35c36e89-19">
<link rel="stylesheet" href="/core/css/guest.css?v=9839ca7a-19">
                <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/oc.js?v=9839ca7a"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/dist/main.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/js/core/merged-template-prepend.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/search/js/search.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/l10n/de.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/dist/share_backend.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/apporder/l10n/de.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/apporder/js/apporder.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/defaultlinkopen/js/comments.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_clipboard/l10n/de.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_clipboard/js/clearClipboard.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_pdfviewer/js/previewplugin.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_rightclick/l10n/de.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_rightclick/js/script.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/search/js/searchprovider.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/files/fileinfo.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/files/client.js?v=9839ca7a-19"></script>
<script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/js/core/merged-login.js?v=9839ca7a-19"></script>
                <link rel="stylesheet" href="/apps/theming/styles?v=19"/><script defer src="/apps/theming/js/theming?v=19" nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0="></script><script defer src="/apps/accessibility/js/accessibility?v=0" nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0="></script><meta property="og:title" content="SETH"/><meta property="og:description" content="der Bewahrer aller Daten im TherapieCenter - Marl"/><meta property="og:site_name" content="SETH"/><meta property="og:url" content="https://seth.therapiecenter.org/"/><meta property="og:type" content="website"/><meta property="og:image" content="https://***REMOVED SENSITIVE VALUE***/core/img/favicon-touch.png"/>       </head>
        <body id="body-login">
                <noscript>
        <div id="nojavascript">
                <div>
                        Diese Anwendung benötigt JavaScript zum ordnungsgemäßen Betrieb. Bitte <a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">aktiviere JavaScript</a> und lade die Seite neu.          </div>
        </div>
</noscript>
                                <div class="wrapper">
                        <div class="v-align">
                                                                        <header role="banner">
                                                <div id="header">
                                                        <div class="logo">
                                                                <h1 class="hidden-visually">
                                                                        SETH                       </h1>
                                                                                                   </div>
                                                </div>
                                        </header>
                                                                <main>

<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post" name="login">
        <fieldset>
                                                                        <div id="message" class="hidden">
                        <img class="float-spinner" alt=""
                                src="/core/img/loading-dark.gif">
                        <span id="messageText"></span>
                        <!-- the following div ensures that the spinner is always inside the #message div -->
                        <div style="clear: both;"></div>
                </div>
                <p class="grouptop">
                        <input type="text" name="user" id="user"
                                placeholder="Benutzername oder E-Mail"
                                aria-label="Benutzername oder E-Mail"
                                value=""
                                autofocus                               autocomplete="on" autocapitalize="none" autocorrect="off" required>
                        <label for="user" class="infield">Benutzername oder E-Mail</label>
                </p>

                <p class="groupbottom">
                        <input type="password" name="password" id="password" value=""
                                placeholder="Passwort"
                                aria-label="Passwort"
                                                                autocomplete="on" autocapitalize="none" autocorrect="off" required>
                        <label for="password" class="infield">Passwort</label>
                </p>

                <div id="submit-wrapper">
                        <input type="submit" id="submit" class="login primary" title="" value="Anmelden" disabled="disabled" />
                        <div class="submit-icon icon-confirm-white"></div>
                </div>

                                <div id="reset-password-wrapper" style="display: none;">
                        <input type="submit" id="reset-password-submit" class="login primary" title="" value="Passwort zurücksetzen" disabled="disabled" />
                        <div class="submit-icon icon-confirm-white"></div>
                </div>

                <div class="login-additional">
                                                <div class="lost-password-container">
                                <a id="lost-password" href="">
                                        Passwort vergessen?                             </a>
                                <a id="lost-password-back" href="" style="display:none;">
                                        Zur Anmeldung wechseln                          </a>
                        </div>
                                        </div>

                <input type="hidden" name="timezone_offset" id="timezone_offset"/>
                <input type="hidden" name="timezone" id="timezone"/>
                <input type="hidden" name="requesttoken" value="aG8go3/5FeQc63OTdD8tYkuuUnw4/GTSyGVBi1TW96s=:JVhI8hrPcJMl2jvHRQ4bOAGXGigKygi4vw4q+22Uu9I=">
        </fieldset>
</form>
                                </main>
                        </div>
                </div>
                <footer role="contentinfo">
                        <p class="info">
                                <a href="https://***REMOVED SENSITIVE VALUE***" target="_blank" rel="noreferrer noopener" class="entity-name">SETH</a> – der Bewahrer aller Daten im TherapieCenter - Marl   </p>
                </footer>
        </body>
</html>
jookk commented 5 years ago

Yes, in his guide is that http header.. https://www.c-rieger.de/nextcloud-installation-guide-ubuntu/

add_header Feature-Policy "accelerometer 'none'; autoplay 'self';

geolocation 'none'; midi 'none'; sync-xhr 'self' ; microphone 'self'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'self'; fullscreen 'self'; payment 'none'; usb 'none'";

Dňa 4. apríla 2019 8:04:37 používateľ Lars van Ravenzwaaij notifications@github.com napísal:

@MorrisJobke For the setup I'm basically using the guide by Carsten Rieger in the predecessor-version. Here the output of the curl-command: HTTP/2 200 server: nginx date: Thu, 04 Apr 2019 05:50:52 GMT content-type: text/html; charset=UTF-8 content-length: 8497 vary: Accept-Encoding set-cookie: oc2gj4kuc98f=vhb5q3ctm72s3qimiqpd9k68v8; path=/; secure; HttpOnly expires: Thu, 19 Nov 1981 08:52:00 GMT pragma: no-cache set-cookie: oc_sessionPassphrase=r6AjYlhoyy6beu454JzBjV5iTJ%2FY8iUz9wuIVK7%2FsRyLSaMgEdQZWo0VmHWVZXsyN2Nl8J69L3mOUjA3vnuNFPxtlUEb9L2COIPPiRYBIP5wW3Hy9Eh5a%2Byg9VYCl%2B%2BN; path=/; secure; HttpOnly x-frame-options: SAMEORIGIN set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict cache-control: no-cache, no-store, must-revalidate content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self' strict-transport-security: max-age=15768000; includeSubDomains; preload; x-robots-tag: none x-download-options: noopen x-permitted-cross-domain-policies: none x-content-type-options: nosniff x-xss-protection: 1; mode=block referrer-policy: no-referrer feature-policy: accelerometer 'none'; autoplay 'self'; geolocation 'none'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self' https://***REMOVED SENSITIVE VALUE***; microphone 'self'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'self'; fullscreen 'self'; payment 'none'; usb 'none' <!DOCTYPE html> <html class="ng-csp" data-placeholder-focus="false" lang="de" data-locale="de" > <head data-requesttoken="aG8go3/5FeQc63OTdD8tYkuuUnw4/GTSyGVBi1TW96s=:JVhI8hrPcJMl2jvHRQ4bOAGXGigKygi4vw4q+22Uu9I="> SETH <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0"> <meta name="apple-itunes-app" content="app-id=1125420102"> <meta name="theme-color" content="#0082c9"> <link rel="icon" href="/core/img/favicon.ico"> <link rel="apple-touch-icon-precomposed" href="/core/img/favicon-touch.png"> <link rel="mask-icon" sizes="any" href="/core/img/favicon-mask.svg" color="#0082c9"> <link rel="manifest" href="/core/img/manifest.json"> <link rel="stylesheet" href="/apps/deck/css/activity.css?v=7822d1b1-19">

<link rel="stylesheet" href="/apps/files_pdfviewer/css/style.css?v=35c36e89-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/oc.js?v=9839ca7a"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/dist/main.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/js/core/merged-template-prepend.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/search/js/search.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/l10n/de.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/dist/share_backend.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/apporder/l10n/de.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/apporder/js/apporder.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/defaultlinkopen/js/comments.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_clipboard/l10n/de.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_clipboard/js/clearClipboard.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_pdfviewer/js/previewplugin.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_rightclick/l10n/de.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/apps/files_rightclick/js/script.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/search/js/searchprovider.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/files/fileinfo.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/core/js/files/client.js?v=9839ca7a-19"> <script nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0=" defer src="/js/core/merged-login.js?v=9839ca7a-19"> <link rel="stylesheet" href="/apps/theming/styles?v=19"/><script defer src="/apps/theming/js/theming?v=19" nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0="><script defer src="/apps/accessibility/js/accessibility?v=0" nonce="YUc4Z28zLzVGZVFjNjNPVGREOHRZa3V1VW53NC9HVFN5R1ZCaTFUVzk2cz06SlZoSThoclBjSk1sMmp2SFJRNGJPQUdYR2lnS3lnaTR2dzRxKzIyVXU5ST0="><meta property="og:title" content="SETH"/><meta property="og:description" content="der Bewahrer aller Daten im TherapieCenter - Marl"/><meta property="og:site_name" content="SETH"/><meta property="og:url" content="https://seth.therapiecenter.org/"/><meta property="og:type" content="website"/> <body id="body-login">

Diese Anwendung benötigt JavaScript zum ordnungsgemäßen Betrieb. Bitte <a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">aktiviere JavaScript und lade die Seite neu.
<header role="banner">

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
ghost commented 5 years ago

@MorrisJobke @jookk I saw that just now also. I just removed that statement und restartet the services. Still no luck. Same problem remains.

HTTP/2 200
server: nginx
date: Thu, 04 Apr 2019 06:11:44 GMT
content-type: text/html; charset=UTF-8
content-length: 8497
vary: Accept-Encoding
set-cookie: oc2gj4kuc98f=omp7p2ph9mpdnc8monlucujuhv; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
set-cookie: oc_sessionPassphrase=2ZFXE8cjiGLLKWyOdg5G%2B1DUHoMG5JbM3gUKYKwR1d%2BxE%2F9LAjgGIJbWYFsGDb5JwB1ChMFcswCiJVSux0Wm7haMF0xDVX2QXs3SWe%2Bb%2F%2FFV%2BQ2IxTgLDP7nOTuiMFSF; path=/; secure; HttpOnly
x-frame-options: SAMEORIGIN
set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
cache-control: no-cache, no-store, must-revalidate
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self'
strict-transport-security: max-age=15768000; includeSubDomains; preload;
x-robots-tag: none
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer

<!DOCTYPE html>
ghost commented 5 years ago

@MorrisJobke The chrome console now says:

JQMIGRATE: Migrate is installed, version 1.4.1
comments.js?v=9839ca7a-19:16 Uncaught TypeError: Cannot set property formatLinksRich of #<Object> which has only a getter
    at HTMLDocument.apply (comments.js?v=9839ca7a-19:16)
    at u (main.js?v=9839ca7a-19:39)
    at Object.fireWith [as resolveWith] (main.js?v=9839ca7a-19:39)
    at Function.ready (main.js?v=9839ca7a-19:39)
    at HTMLDocument.O (main.js?v=9839ca7a-19:39)
manifest.json:1 Manifest: Line: 1, column: 1, Unexpected token.
DevTools failed to parse SourceMap: https://***REMOVED SENSITIVE VALUE***/core/js/dist/main.js.map
DevTools failed to parse SourceMap: https://***REMOVED SENSITIVE VALUE***/core/js/dist/share_backend.js.map
ghost commented 5 years ago

On beta3 everything is back to normal.

SvenLuebke commented 5 years ago

After upgrading Nextcloud 16.0.4 to 16.0.5 Chromium console reports "Cannot set property formatLinksRich of # which has only a getter ..." and login is not possible anymore (in my setup).

Removing "defaultlinkopen" app (by deleting or moving the folder [nextcloud installation path]/apps/defaultlinkopen) fixed my issue!

  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.