[Bug]: Viewing media files via a share link doesn't work anymore

AsamK commented 3 days ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

After upgrade to Nextcloud 30 (from 29), video and audio files shared via a link, cannot be played anymore. Playing the files works as expected in the Nextcloud files app when logged in.

Viewing images via share link works as well. Images and audio/video files seem to be downloaded using different endpoints.

Images (works): GET https://x.x.x/index.php/apps/files_sharing/publicpreview/We29yd6pa3K9Hjx?file=/2024/ef77f0f1-51de-4172-a7f8-8226af09ee32.jpeg&fileId=67260&x=2256&y=1504&a=true&etag=de0abba96f6431595e86c39661d7fbb5 Videos (doesn't work): GET https://x.x.x/public.php/dav/files/We29yd6pa3K9Hjx/2024/Video.mp4

The logs show a Sabre\\DAV\\Exception\\NotAuthenticated error for the failed video request.

Downloading videos from the file list works GET https://x.x.x/index.php/s/We29yd6pa3K9Hjx/download?path=/2024&files=Video.mp4&downloadStartSecret=d5qsoy67xxx

Steps to reproduce

Upload video or audio file to a folder
Create a share link for that folder
Open the share link
Click on a video/audio file to open the preview
-> Loading error is shown

Expected behavior

Audio and video files can be played via a share link.

Nextcloud Server version

30

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 28 to 29)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "x.x.x"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/x.x.x\/",
        "dbtype": "mysql",
        "version": "30.0.0.14",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "loglevel": 0,
        "maintenance": false,
        "app_install_overwrite": [
            "gallery",
            "forms"
        ],
        "mysql.utf8mb4": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "default_phone_region": "DE",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "preview_max_memory": 1024,
        "preview_max_filesize_image": 100,
        "simpleSignUpLink.shown": false,
        "maintenance_window_start": 2
    }
}

List of activated Apps

Enabled:
  - admin_audit: 1.20.0
  - bruteforcesettings: 3.0.0
  - cloud_federation_api: 1.13.0
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - forms: 4.2.4
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - oauth2: 1.18.1
  - photos: 3.0.2
  - provisioning_api: 1.20.0
  - related_resources: 1.5.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - theming: 2.5.0
  - theming_customcss: 1.17.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - activity: 3.0.0 (installed 2.6.1)
  - circles: 30.0.0-dev (installed 28.0.0)
  - comments: 1.20.1 (installed 1.8.0)
  - contactsinteraction: 1.11.0 (installed 1.1.0)
  - dashboard: 7.10.0 (installed 7.0.0)
  - encryption: 2.18.0
  - federation: 1.20.0 (installed 1.3.0)
  - files_external: 1.22.0
  - firstrunwizard: 3.0.0 (installed 2.7.0)
  - nextcloud_announcements: 2.0.0 (installed 1.9.0)
  - notifications: 3.0.0 (installed 2.1.2)
  - password_policy: 2.0.0 (installed 1.3.0)
  - privacy: 2.0.0 (installed 1.4.0)
  - recommendations: 3.0.0 (installed 0.4.0)
  - serverinfo: 2.0.0 (installed 1.3.0)
  - support: 2.0.0 (installed 1.1.0)
  - survey_client: 2.0.0 (installed 1.1.0)
  - suspicious_login: 8.0.0
  - systemtags: 1.20.0 (installed 1.3.0)
  - text: 4.1.0 (installed 2.0.0)
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0
  - user_status: 1.10.0 (installed 1.0.0)
  - weather_status: 1.10.0 (installed 1.0.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"d92BY2oekx1t0zt2xHli","level":0,"time":"2024-09-30T17:51:57+00:00","remoteAddr":"2a00:xxxx:4722:a500:909d:4495:6390:eeb7","user":"--","app":"webdav","method":"GET","url":"/public.php/dav/files/We29yd6pa3K9Hjx/2024/Video.mp4","message":"Exception thrown: Sabre\\DAV\\Exception\\NotAuthenticated","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","version":"30.0.0.14","exception":{"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/ServerFactory.php","line":109,"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"OCA\\DAV\\Connector\\Sabre\\{closure}","class":"OCA\\DAV\\Connector\\Sabre\\ServerFactory","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/publicremote.php","line":135,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/public.php","line":82,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/publicremote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/dav/appinfo/v2/publicremote.php","Line":80,"message":"","exception":{},"CustomMessage":"Exception thrown: Sabre\\DAV\\Exception\\NotAuthenticated"}}
{"reqId":"VxqFq109AEvZupcKg2HJ","level":0,"time":"2024-09-30T17:51:57+00:00","remoteAddr":"2a00:xxxx:4722:a500:909d:4495:6390:eeb7","user":"--","app":"webdav","method":"GET","url":"/public.php/dav/files/We29yd6pa3K9Hjx/2024/Video.mp4","message":"Exception thrown: Sabre\\DAV\\Exception\\NotAuthenticated","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","version":"30.0.0.14","exception":{"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/ServerFactory.php","line":109,"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"OCA\\DAV\\Connector\\Sabre\\{closure}","class":"OCA\\DAV\\Connector\\Sabre\\ServerFactory","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/publicremote.php","line":135,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/public.php","line":82,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/publicremote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/dav/appinfo/v2/publicremote.php","Line":80,"message":"","exception":{},"CustomMessage":"Exception thrown: Sabre\\DAV\\Exception\\NotAuthenticated"}}

Additional info

Response of GET https://x.x.x/public.php/dav/files/We29yd6pa3K9Hjx/2024/Video.mp4: 401

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
    <s:exception>Interner Serverfehler</s:exception>
    <s:message>
        Der Server konnte die Anfrage nicht fertig stellen.     Sollte dies erneut auftreten, senden Sie bitte die nachfolgenden technischen Einzelheiten  an Ihren Server-Administrator.       Weitere Details können im Server-Protokoll gefunden werden.         </s:message>

    <s:technical-details>
        <s:remote-address>2a00:xxxx:4722:a500:909d:4495:6390:eeb7</s:remote-address>
        <s:request-id>pKuq5KeY9cNmGr3m1qBN</s:request-id>

        </s:technical-details>
</d:error>

joshtrichards commented 3 days ago

Works fine for me. Can you check your browser inspector? Specifically check the Network tab while reproducing the issue and also your Console tab after.

Masu-Baumgartner commented 3 days ago

Hey hey, i am experiencing the exact same issue after updating to nextcloud 30. As described by OP, the api returns a 401 and as the error text an internal server error (which doesnt match the status code).

The only javascript error occurs after the request to the video has failed:

The network tab shows two WebDAV requests to root path of the share

and returning the following response with a 401

Masu-Baumgartner commented 3 days ago

So i did take a look at the logs and the unauthenticated exception, returned by the api, is thrown at this line/file

https://github.com/nextcloud/server/blob/5434005bff41596b3c3ca8f930a1eddd1f001d66/apps/dav/appinfo/v2/publicremote.php#L80

Masu-Baumgartner commented 2 days ago

I found a workaround until the issue will be resolved. Enabling this option fixes the issue, as the condition triggering the error in the code (see my message above) is no longer reached

joshtrichards commented 2 days ago

That option is on by default.

But if it's off, the ajax request header check is more important. It appears this header is missing from the request: X-Requested-With: XMLHttpRequest.

joshtrichards commented 2 days ago

This is similar to a bug we had back early in the v28 release cycle. There have been a few refactors in the v30 dev cycle that touch on this area of code. It's a front-end matter. I suspect it's a mixture of nextcloud-libraries/nextcloud-files#996 and/or nextcloud/viewer#2392. Our tests also seem to have a blind spot here.

Cc: @susnux

nextcloud / server