collectives icon indicating copy to clipboard operation
collectives copied to clipboard
verified publisher icon nextcloud

Public Images - Request failed with status code 403

Open xavi-GH opened this issue 1 year ago • 0 comments

Describe the bug In NC 27.1.10, we first upgraded Collectives app 2.11.0 -> 2.13.0, then we upgraded NC 27.1.10 -> 27.1.11. We then experienced an issue regarding the images of each Collective entry. Suddenly, 80% of the images were "broken" and instead, the message "Request failed with status code 403" is shown along with a mountain icon.

We cannot be sure about the root of this issue, but it might be related to the update. We have also manuals within Collectives app that are made public, and all the entries appear with broken images.

This issue is similar to when I edit an entry in Collectives. When I'm in "Edit" mode everything works, but when i click "Done" then it shows the entry with the error "Request ... 403", then i need to either re-upload the images in edit mode or force a refresh in edit mode, and then it seems to be fixed. Seems like something related to permissions when not in edit mode or when images (.attachments) are made public.

In public entries, sometimes accessing the entry more than once is helpful to get images loaded. This does not happen when opening other websites.

To Reproduce

  1. Create some entries in the collective
  2. Get the public link of the root entry
  3. Access the public link (images are ok)
  4. Update app
  5. Access the public link (images are broken)

Temporal fix: I have to access one entry by one, click "Edit button", click "Done" (now all images are ok) After all this job (we wave many entries in the manual), the public link shows images fine.

Expected behavior Images should be visible for the public if i get a public link, and the images should be visible all the time.

Screenshots imatge

https://github.com/user-attachments/assets/5929f95b-93dc-4c45-9eef-1098b3bd7c0a

In this video, the entry is "...retenció...", first is shown in the public tab, where the error "Request ... 403" is shown. Then I go back to the NC-Collectives app, find the entry, click "Edit" button and "Done". After, the public link loads the image correctly.

Server details:

  • Collectives app version: 2.13.0
  • Nextcloud version: 27.1.11
  • PHP Version: 8.2.19
  • Database: 10.5.23

Client details:

  • OS: Debian
  • Browser: Firefox
  • Browser version: 115.10
  • Device: desktop
Logs

Nextcloud log (data/nextcloud.log)

web    | X.X.X.X - - [07/Aug/2024:13:02:46 +0000] "POST /apps/text/attachments HTTP/1.0" 403 2 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "X.X.X.X"
web    | X.X.X.X - - [07/Aug/2024:13:02:47 +0000] "POST /apps/text/attachments HTTP/1.0" 200 444 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "X.X.X.X"
web    | X.X.X.X - - [07/Aug/2024:13:03:31 +0000] "POST /apps/text/attachments HTTP/1.0" 200 448 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "X.X.X.X"
web    | X.X.X.X - - [07/Aug/2024:13:05:29 +0000] "POST /apps/text/attachments HTTP/1.0" 200 443 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "X.X.X.X"
web    | X.X.X.X - - [07/Aug/2024:13:12:19 +0000] "POST /apps/text/attachments HTTP/1.0" 403 2 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "X.X.X.X"
web    | X.X.X.X - - [07/Aug/2024:13:14:36 +0000] "POST /apps/text/attachments HTTP/1.0" 403 2 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "X.X.X.X"

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log

You need to fill either the text or the ariaLabel props in the button component. 
Object { text: undefined, ariaLabel: null }
 
Object { _uid: 1065, _isVue: true, __v_skip: true, _scope: {…}, "$options": {…}, _renderProxy: {…}, _self: {…}, "$parent": {…}, "$root": {…}, "$children": [], … }
index.module.js:2:811368
[DEBUG] text: sending final steps  
Object { app: "text", uid: "MYUSERNAME", level: 0, steps: [], awareness: "TOKEN", version: 0 }
ConsoleLogger.js:65:18
XHRPOST
https://doc.commonscloud.coop/apps/text/attachments
[HTTP/2 403 Forbidden 90ms]

[DEBUG] text: WebSocketPolyfill#constructor 
Object { app: "text", uid: "MYUSERNAME", level: 0, url: "ws://localhost:XXX/file:12121", fileId: 12121, initialSession: null }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: Websocket closed 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: opened  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 0, session: {…} }
ConsoleLogger.js:65:18
[DEBUG] text: status 
Object { app: "text", uid: "MYUSERNAME", level: 0, status: "connected" }
ConsoleLogger.js:65:18
[tiptap warn]: Duplicate extension names found: ['paragraph', 'link', 'markdown', 'doc', 'text', 'hardBreak', 'heading', 'strong', 'em', 'strike', 'blockquote', 'characterCount', 'code', 'codeBlock', 'bulletList', 'horizontalRule', 'orderedList', 'listItem', 'table', 'tableCaption', 'tableCell', 'tableHeader', 'tableHeadRow', 'tableRow', 'taskList', 'taskItem', 'callout', 'underline', 'image', 'dropCursor', 'keep-syntax', 'frontMatter', 'emoji', 'linkPicker', 'placeholder', 'trailingNode', 'mention', 'image-inline']. This can lead to issues. index.js:949:12
[DEBUG] text: loaded  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 0, session: {…} }
ConsoleLogger.js:65:18
[DEBUG] text: sending steps  
Object { app: "text", uid: "MYUSERNAME", level: 0, steps: (2) […], awareness: "TOKEN", version: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 0, steps: (1) […] }
ConsoleLogger.js:65:18
You need to fill either the text or the ariaLabel props in the button component. 
Object { text: undefined, ariaLabel: null }
 
Object { _uid: 1283, _isVue: true, __v_skip: true, _scope: {…}, "$options": {…}, _renderProxy: {…}, _self: {…}, "$parent": {…}, "$root": {…}, "$children": [], … }
index.module.js:2:811368
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (2) […] }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (1) […] }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (1) […] }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (1) […] }
ConsoleLogger.js:65:18
[DEBUG] text: sending steps  
Object { app: "text", uid: "MYUSERNAME", level: 0, steps: [], awareness: "TOKEN", version: 81382 }
ConsoleLogger.js:65:18
You need to fill either the text or the ariaLabel props in the button component. 
Object { text: undefined, ariaLabel: null }
 
Object { _uid: 1283, _isVue: true, __v_skip: true, _scope: {…}, "$options": {…}, _renderProxy: {…}, _self: {…}, "$parent": {…}, "$root": {…}, "$children": (1) […], … }
index.module.js:2:811368
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (1) […] }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (1) […] }
ConsoleLogger.js:65:18
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "MYUSERNAME", level: 0 }
ConsoleLogger.js:65:18
[DEBUG] text: synced  
Object { app: "text", uid: "MYUSERNAME", level: 0, version: 81382, steps: (1) […] }
ConsoleLogger.js:65:18

xavi-GH avatar Aug 07 '24 13:08 xavi-GH