opensource-socialnetwork / OssnServices

Integrate your OSSN powered social network into 3rd party application
https://www.opensource-socialnetwork.org/webservices/view/3616/welcome-to-ossn-web-services-api-integrate-ossn-into-your-application
11 stars 8 forks source link

CORB Blocked cross-origin for image urls #4

Closed mirabledictu closed 3 years ago

mirabledictu commented 3 years ago

Getting this warning in console and not able to display images.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://mywebsite.com/ with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

The sample format of image url is https://mywebsite.com/post/photo/363/0ac11cb8f1f44fdc62f5c5f16eed03fb.jpg.

I am fetching data from /wall_list_home and concatenating image id to image tag

<img src={`${https://mywebsite.com/post/photo/${post.post.guid}/${post.image}`} />

any help would be much appreciated.

lianglee commented 3 years ago

I think you need to add

header("Access-Control-Allow-Origin: *");

in start.php file or

The best is to add in .htaccess

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>
mirabledictu commented 3 years ago

I think you need to add

header("Access-Control-Allow-Origin: *");

in start.php file or

The best is to add in .htaccess

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

I tried adding it in both start.php

<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: PUT, GET, POST");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");

//Restrict calling start.php directly from browser #1315
if(!defined("OSSN_ALLOW_SYSTEM_START")){
    header("HTTP/1.0 404 Not Found");   
    exit;
}
global $Ossn;
if (!isset($Ossn)) {
    $Ossn = new stdClass;
}
include_once(dirname(dirname(__FILE__)) . '/libraries/ossn.lib.route.php');

if (!is_file(ossn_route()->configs . 'ossn.config.site.php') && !is_file(ossn_route()->configs . 'ossn.config.db.php')) {
    header("Location: installation");
    exit;
}
include_once(ossn_route()->configs . 'libraries.php');
include_once(ossn_route()->configs . 'classes.php');

include_once(ossn_route()->configs . 'ossn.config.site.php');
include_once(ossn_route()->configs . 'ossn.config.db.php');

//Load session start after classes #1318
session_start();
foreach ($Ossn->libraries as $lib) {
    if (!include_once(ossn_route()->libs . "ossn.lib.{$lib}.php")) {
        throw new exception('Cannot include all libraries');
    }
}
ossn_trigger_callback('ossn', 'init');
//need to update user last_action 
// @note why its here?
update_last_activity();

and in .htaccess

 # OpenSource-SocialNetwork
 #
 # @package   (Informatikon.com).ossn
 # @author    OSSN Core Team <info@opensource-socialnetwork.org>
 # @copyright 2014 iNFORMATIKON TECHNOLOGIES
 # @license   General Public Licence http://opensource-socialnetwork.org/licence 
 # @link      http://www.opensource-socialnetwork.org 

Options -Indexes
Options +SymlinksIfOwnerMatch
DirectoryIndex index.php

<Files "error_log">
    order allow,deny
    deny from all
</Files>

<FilesMatch "(nginx|htaccess).dist">
    order allow,deny
    deny from all
</FilesMatch>

<IfModule mod_mime.c>
    AddType image/vnd.microsoft.icon .ico
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 year"
</IfModule>

<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|css|ico)$">
    FileETag MTime Size
</FilesMatch>

<IfModule mod_rewrite.c>
#SetEnv HTTP_MOD_REWRITE 1

RewriteEngine on

RewriteRule ^rewrite.php$ installation/tests/apache_rewrite.php [L]

RewriteRule ^action\/([A-Za-z0-9\_\-\/]+)$ system/handlers/actions.php?action=$1&%{QUERY_STRING} [L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([A-Za-z0-9\_\-]+)$ index.php?h=$1 [QSA,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([A-Za-z0-9\_\-]+)\/(.*)$ index.php?h=$1&p=$2 [QSA,L]

</IfModule>

<IfModule mod_php5.c>
    php_value memory_limit 128M
    php_value register_globals 0
    php_value post_max_size 8388608
    php_value upload_max_filesize 5242880
    php_value default_charset "UTF-8"
</IfModule>

<IfModule mod_php7.c>
    php_value memory_limit 128M
    php_value register_globals 0
    php_value post_max_size 8388608
    php_value upload_max_filesize 5242880
    php_value default_charset "UTF-8"
</IfModule>

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "PUT, GET, POST"
    Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
</IfModule>

with no luck :(

lianglee commented 3 years ago

You need to add it only in one place and flush the cache sometimes cache is causing it.

Besides that if non resolves this issue then maybe your firewall or server removing those headers

lianglee commented 3 years ago

Sorry for delayed response I was busy in OSSN 6.0 release.

I will verify the reason of not working. Maybe mod_headers didn't exists in your apache or disabled or never used from .htaccess

mirabledictu commented 3 years ago

Sorry for delayed response I was busy in OSSN 6.0 release.

I will verify the reason of not working. Maybe mod_headers didn't exists in your apache or disabled or never used from .htaccess

Thanks!

The weird thing is other images are working, only photos posted in wall are not working. The one with ?caches

mirabledictu commented 3 years ago

I tried this to check apache modules enabled

<?php
print_r(apache_get_modules());
?>

and got this result

Array ( [0] => mod_rewrite [1] => mod_mime [2] => mod_headers [3] => mod_expires [4] => mod_auth_basic )

I think it might be related to session / logged in user...

mirabledictu commented 3 years ago

Also, I do get a lot of these in ossn_entities table when accessing /wall_list_home

Screen Shot 2021-09-27 at 5 30 18 PM

lianglee commented 3 years ago

Someone else also reported same issue. Are you using latest OSSN version? He was using old OSSN. Latest mean Ossn 5.6 or above?

mirabledictu commented 3 years ago

Yes updated my OSSN already. I also created a script to clear all rows with cover_time

<?php

$entities = ossn_get_entities(array(
        'type' => 'user',
        'subtype' => 'cover_time',
        'page_limit' => false
));

if($entities) {
        foreach($entities as $item) {
                $item->deleteEntity();
        }
}

$params['OssnServices']->successResponse(true);

Then every time I call wall_list_home, I get multiple cover_time rows again.

I am also inspecting it, we have a setUser method in OssnServices.php that has this line

if($user && $user->getProfileCover()){
   $cover = (new \OssnProfile())->getCoverURL($user);
}

and we have this in OssnProfile.php which I think doesn't clear rows with cover_time and just keep on adding it

    public function getCoverURL($user = ''){
        if(!empty($user) && $user instanceof OssnUser){
            if(!isset($user->cover_time) && empty($user->cover_time)){
                $user->cover_time = time();
                $user->data->cover_time = $user->cover_time;
                $user->save();
            }
            $url = ossn_site_url("cover/{$user->username}/".md5($user->cover_time).'.jpg');
            return ossn_add_cache_to_url($url);
        }
        return false;
    }
mirabledictu commented 3 years ago

So my bet why I'm getting the CORB Blocked cross-origin error is that the url is returning HTML page instead of the image itself because of session issues I guess.

lianglee commented 3 years ago

See https://github.com/opensource-socialnetwork/OssnServices/issues/5 It not doing for my side, can you tell steps to reproduce the error?

lianglee commented 3 years ago

So my bet why I'm getting the CORB Blocked cross-origin error is that the url is returning HTML page instead of the image itself because of session issues I guess.

Are you using Private Network component?

mirabledictu commented 3 years ago

See #5 It not doing for my side, can you tell steps to reproduce the error?

Just by calling api/v1.0/wall_list_home

mirabledictu commented 3 years ago

So my bet why I'm getting the CORB Blocked cross-origin error is that the url is returning HTML page instead of the image itself because of session issues I guess.

Are you using Private Network component?

yes. Do I have to update something? I am in 5.0

Edit: Updated to 5.4 and still have the same issue (cleared cache too)

mirabledictu commented 3 years ago

UPDATE: I tried right clicking a wall post image in a OSSN website and the url includes something like this https://mywebsite/post/photo/489/8933eaf8904f88c91481797ae6d0ccb0.jpg?ossn_cache=5171bc6c.

There is an attached ?ossn_cache=5171bc6c in the url so I tried adding it in the url generated from wall_list_home and it worked. I can now see the image.

Is there a way to add this to the image url in a post?

mirabledictu commented 3 years ago

I was able to fix the CORB error. I can PR

lianglee commented 3 years ago

You need to update to OSSN v5.6 or 6.0 is latest version 5.x no longer supported v5.4 is way to old.

Yes you can PR and I will merge.