Too many redirects for shared image links (direct link)

[WiegerS]

### Steps to reproduce 1. Install brand new NextCloud 9.0.53 (using Apache or nginx, does not matter). 2. Share some image. 3. Put direct link to the image in an IMG-tag (e.g. on a bulletin board). ### Expected behaviour Picture should display inside browser (e.g. on a bulletin board). ### Actual behaviour Browser errors out with a 'too many redirects'-error. ### Server configuration **Operating system**: FreeBSD **Web server:** Apache or nginx, with or without reverse proxy, does not matter. **Database:** MySQL **PHP version:** Tried both PHP 5.6 and PHP 7.0. **Nextcloud version:** (see Nextcloud admin page) 9.0.53 **Updated from an older Nextcloud/ownCloud or fresh install:** Happens on fresh install too. **Where did you install Nextcloud from:** Official website; https://nextcloud.com **Signing status:**

Signing status

``` No errors have been found. ```

**List of activated apps:**

App list

``` If you have access to your command line run e.g.: sudo -u www-data php occ app:list from within your Nextcloud installation folder ```

**The content of config/config.php:**

Config report

Happens on fresh install. So config set to defaults. ``` If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your Nextcloud installation folder or Insert your config.php content here (Without the database password, passwordsalt and secret) Default apps (fresh install). ```

**Are you using external storage, if yes which one:** local/smb/sftp/... No **Are you using encryption:** yes/no No **Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/... No ``` With access to your command line run e.g.: sudo -u www-data php occ ldap:show-config from within your Nextcloud installation folder Without access to your command line download the data/owncloud.db to your local computer or access your SQL server remotely and run the select query: SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap'; Eventually replace sensitive data as the name/IP-address of your LDAP server or groups. ``` ### Client configuration **Browser:** Chrome as well as Firefox, also CURL when Cookie-header specified! (does not happen with CURL if no Cookie-headers specified for direct link to image). **Operating system:** Ubuntu 16.04, Windows 7, does not matter really. ### Logs #### Web server error log

Web server error log

``` Insert your webserver log here ```

#### Nextcloud log (data/nextcloud.log)

Nextcloud log

``` Insert your Nextcloud log here ```

#### Browser log

Browser log

``` Insert your browser log here, this could for example include: a) The javascript console log b) The network log c) ... Something like this in red: net::ERR_TOO_MANY_REDIRECTS Network tab shows a bunch of visits to the same image link (direct link). "Location:"-header points to same link... HTTP/1.1 302 Found code. Also seeing strict and lax cookie-headers (both at the same time). ```

#### Workaround

Workaround

``` Workaround seems to be a "return"-statement as the first line of the 'performSameSiteCookieProtection'-function in lib/base.php. ```

[sthag]

I've got this problem too. I also installed a fresh version of Nextcloud and currently I have version 9.0.52 I used ownCloud before and wanted to switch over to Nextcloud. I was prepared to substitude every direct link I placed in a myBB forum but had to realise that it is not working any more.

@WiegerS Is it ok to use the workaround you mention in your post?

[WiegerS]

When you use that 'workaround' I specified you are disabling some security measure which somehow seems to cause the redirect loop for direct links.

Though I would not recommend meddling with the code (maybe it breaks some essential things though direct links do seem to work when disabling the function). Haven't gone into much depth in this regard myself. ;-)

I've gone back to ownCloud some weeks ago, which does not have this issue currently. I'm not really broken up about it though because I'm more of an enthusiastic user than a professional, enterprise-grade user.

[sthag]

Thank you for your answer @WiegerS So what I now like to know is, if this is considered a bug. Will this be fixed in one of the next versions? Sadly this behaviour renders Nextcloud useless for me.

[rullzer]

Well the behaviour is intentional. We have a lot of security meachanism in place of which a lot of them are even enabled on the public link page. (CC @LukasReschke)

Also using the download link is very suboptimal as on that we set headers that actually indicate to your browser to download the file.

I know this has come up before. And I'm still not sure how to do it properly. Another endpoint? And another button. UX wise this is all not easy.

[sthag]

@rullzer Would it be of any help if I make some UI drafts for an integration of such a feature?

For me this would be a huge step forward in usability of nextcloud. I need to use these direct links, especially for images, quite often. As @WiegerS already stated usage within forums is one good example. I'm already accustomed to use direct links from dropbox and owncloud for many things also. Of course, I totally understand that this has to be done right.

I have two main usage scenarios in my mind right now:

1. A single file which is shared via link afterwards has a button or field with url to copy for direct linking.
2. A shared folder gives this feature to every contained file. I think in owncloud it was possible to copy the shared url and just change the file names for direct access to the files within a shared folder.

[aStonedPenguin]

I don't know why this is marked as an enhancement when in previous versions it was common practice to embed download links. This is a bug not an enhancement.

[mbommir1]

Facing the same issue in Chrome (keeps redirecting to the same location) but Firefox seems to load the images just fine. @rullzer any advancements/updates planned on this issue?

[MorrisJobke]

Duplicate of #2523