spreed icon indicating copy to clipboard operation
spreed copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

Uploading files via Talk web interface fails

Open nektdev opened this issue 2 years ago • 9 comments

How to use GitHub

  • Please use the 👍 reaction to show that you are affected by the same issue.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status change and new comments.

It used to be OK to upload files into the chat/room via both the Nextcloud web client (apps/spreed) and the mobile app. Still can upload files into the room via mobile app (Android) but uploading files via web interface fails (errors in the console).

Steps to reproduce

  1. Open any chat/room on Talk via browser.
  2. Drag & drop (or upload via 'paperclip' icon) a file into the room.
  3. See the file icon (or image) appearing.
  4. Wait a while and refresh the page to see it has not been uploaded.

Expected behaviour

A file could be uploaded to the room via browser client and visible after refreshing.

Actual behaviour

The file does not get uploaded into the room, it gets stuck with the spinner and has a grey horizontal bar underneath (picture for reference).

Screenshot from 2022-05-16 17-37-20

Talk app

Talk app version: (see apps admin page: /index.php/settings/apps) 13.0.5

Custom Signaling server configured: no

Custom TURN server configured: no

Custom STUN server configured: no

Browser

Microphone available: yes

Camera available: yes

Operating system: MacOS (also reproduced on Ubuntu)

Browser name: Chrome

Browser version: 101.0.4951.54 (Official Build) (x86_64))

Browser log

Console log at the moment of uploading - 2 errors one after another:

PROPFIND https://hub.animorph.coop/apps/dashboard/ 405
(anonymous) @ xhr.js:177
t.exports @ xhr.js:13
t.exports @ dispatchRequest.js:50
Promise.then (async)
l.request @ Axios.js:61
(anonymous) @ bind.js:9
(anonymous) @ functions.js:10
execute @ index.js:94
patchInline @ index.js:207
c @ request.js:13
e.request @ request.js:50
(anonymous) @ stat.js:62
(anonymous) @ stat.js:33
(anonymous) @ stat.js:14
(anonymous) @ stat.js:8
i @ stat.js:4
e.getStat @ stat.js:47
(anonymous) @ exists.js:49
(anonymous) @ exists.js:33
(anonymous) @ exists.js:14
(anonymous) @ exists.js:8
i @ exists.js:4
e.exists @ exists.js:43
exists @ factory.js:61
O @ fileUpload.js:45
uploadFiles @ fileUploadStore.js:291
(anonymous) @ vuex.esm.js:851
h.dispatch @ vuex.esm.js:516
dispatch @ vuex.esm.js:406
handleUpload @ UploadEditor.vue:170
qt @ vue.runtime.esm.js:1863
n @ vue.runtime.esm.js:2188
Si.r._wrapper @ vue.runtime.esm.js:6961


response.js:10 Uncaught (in promise) Error: Invalid response: 405 
    at r (response.js:10:15)
    at Object.e.handleResponseCode (response.js:21:19)
    at Object.<anonymous> (stat.js:65:32)
    at stat.js:33:23
    at Object.next (stat.js:14:53)
    at o (stat.js:5:58)
r @ response.js:10
e.handleResponseCode @ response.js:21
(anonymous) @ stat.js:65
(anonymous) @ stat.js:33
(anonymous) @ stat.js:14
o @ stat.js:5
Promise.then (async)
(anonymous) @ vuex.esm.js:519
h.dispatch @ vuex.esm.js:518
dispatch @ vuex.esm.js:406
handleUpload @ UploadEditor.vue:170
qt @ vue.runtime.esm.js:1863
n @ vue.runtime.esm.js:2188
Si.r._wrapper @ vue.runtime.esm.js:6961
globals.js:62 $ is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own.
ge @ globals.js:62
get @ globals.js:93
(anonymous) @ listener.js?v=6369a6ec-43:152
(anonymous) @ v-tooltip.esm.js:1533
setTimeout (async)
$_hide @ v-tooltip.esm.js:1528
(anonymous) @ v-tooltip.esm.js:1674
setTimeout (async)
$_scheduleHide @ v-tooltip.esm.js:1657
hide @ v-tooltip.esm.js:1357
$_handleGlobalClose @ v-tooltip.esm.js:1741
(anonymous) @ v-tooltip.esm.js:1796
requestAnimationFrame (async)
n @ v-tooltip.esm.js:1794
ue @ v-tooltip.esm.js:1804
(anonymous) @ v-tooltip.esm.js:1779
clickImportInput @ NewMessageForm.vue:449
click @ NewMessageForm.vue?vue&type=template&id=e6aa680e&scoped=true&:1
qt @ vue.runtime.esm.js:1863
n @ vue.runtime.esm.js:2188
qt @ vue.runtime.esm.js:1863
t.$emit @ vue.runtime.esm.js:3903
onClick @ ActionButton.js:43
qt @ vue.runtime.esm.js:1863
n @ vue.runtime.esm.js:2188
Si.r._wrapper @ vue.runtime.esm.js:6961

Server configuration

Operating system: Debian

Web server: Apache

Database: MariaDB

PHP version: 7.4

Nextcloud Version: 23.0.3

List of activated apps:

Enabled:
  - accessibility: 1.9.0
  - activity: 2.15.0
  - apporder: 0.15.0
  - audioplayer: 3.3.0
  - calendar: 3.3.0
  - circles: 23.1.1
  - cloud_federation_api: 1.6.0
  - collectives: 1.1.0
  - comments: 1.13.0
  - contacts: 4.1.0
  - contactsinteraction: 1.4.0
  - cospend: 1.4.6
  - dashboard: 7.3.0
  - dav: 1.21.0
  - deck: 1.6.1
  - drawio: 1.0.2
  - event_update_notification: 1.5.0
  - federatedfilesharing: 1.13.0
  - federation: 1.13.0
  - files: 1.18.0
  - files_pdfviewer: 2.4.0
  - files_rightclick: 1.2.0
  - files_sharing: 1.15.0
  - files_trashbin: 1.13.0
  - files_versions: 1.16.0
  - files_videoplayer: 1.12.0
  - firstrunwizard: 2.12.0
  - forms: 2.5.0
  - integration_discourse: 1.0.2
  - integration_gitlab: 1.0.3
  - integration_twitter: 1.0.2
  - keeweb: 0.6.9
  - logreader: 2.8.0
  - lookup_server_connector: 1.11.0
  - mail: 1.12.0
  - nextcloud_announcements: 1.12.0
  - notifications: 2.11.1
  - notify_push: 0.4.0
  - oauth2: 1.11.0
  - onlyoffice: 7.3.4
  - password_policy: 1.13.0
  - photos: 1.5.0
  - polls: 3.6.1
  - privacy: 1.7.0
  - provisioning_api: 1.13.0
  - recommendations: 1.2.0
  - serverinfo: 1.13.0
  - settings: 1.5.0
  - sharebymail: 1.13.0
  - socialsharing_email: 2.5.0
  - spreed: 13.0.5
  - support: 1.6.0
  - survey_client: 1.11.0
  - systemtags: 1.13.0
  - tasks: 0.14.4
  - text: 3.4.1
  - theming: 1.14.0
  - twofactor_backupcodes: 1.12.0
  - updatenotification: 1.13.0
  - user_status: 1.3.1
  - viewer: 1.7.0
  - weather_status: 1.3.0
  - workflow_ocr: 1.23.2
  - workflow_pdf_converter: 1.8.0
  - workflow_script: 1.8.0
  - workflowengine: 2.5.0
Disabled:
  - admin_audit
  - analytics: 4.2.1
  - encryption
  - end_to_end_encryption: 1.9.1
  - files_external
  - flow_notifications: 1.2.0
  - integration_whiteboard: 0.0.14
  - podcast: 0.0.1
  - side_menu: 2.3.5
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "www.website.coop",
            "website.coop"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "23.0.4.1",
        "overwrite.cli.url": "https:\/\/hub.animorph.coop",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "htaccess.RewriteBase": "\/",
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_smtpsecure": "",
        "mail_smtpauth": "False",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2,
        "memcache.local": "\\OC\\Memcache\\Memcached",
        "app_install_overwrite": [
            "drawio",
            "keeweb",
            "apporder"
        ],
        "updater.release.channel": "stable",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379"
        },
        "default_phone_region": "GB",
        "theme": ""
    }
}

nektdev avatar May 16 '22 17:05 nektdev

PROPFIND https://hub.animorph.coop/apps/dashboard/ 405

Seems like something on your webserver level is wrong and redirecting the PROPFIND to the default app?

nickvergessen avatar Aug 02 '22 10:08 nickvergessen

Anything special you added there?

Does it also happen with the latest Talk?

nickvergessen avatar Aug 02 '22 10:08 nickvergessen

Thank you @nickvergessen !

I am on Talk 14.0.3 now and the error still persists via Nextcloud web UI. As I mentioned in the report, I do not have such an issue via Talk app on Android.

Our server configuration is 100% standard, happy to retrieve any information that might help uncover what is the issue.

nektdev avatar Aug 09 '22 15:08 nektdev

PROPFIND https://hub.animorph.coop/apps/dashboard/ 405

Well something seems to redirect the PROPFINDs for remote.php/dav/ to the main app which by default is the dashboard. Maybe your htaccess rewrite or something a like is too heavy?

nickvergessen avatar Aug 09 '22 16:08 nickvergessen

@nickvergessen thanks for looking at this, I'm trying to debug this issue, as far as I'm aware the default .htaccess file is being used:

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers

    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "none"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for static resources
  <FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)$">
    Header set Cache-Control "max-age=15778463"
  </FilesMatch>

  <FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)(\?v=.*)?$">
    Header set Cache-Control "max-age=15778463, immutable"
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

# PHP 7.x
<IfModule mod_php7.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

# PHP 8+
<IfModule mod_php.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddType application/wasm wasm
  AddEncoding gzip svgz
</IfModule>

<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>

<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

AddDefaultCharset utf-8
Options -Indexes
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /
ErrorDocument 404 /
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4|mp3|ogg|wav|wasm|tflite)$
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update\.php
  RewriteCond %{REQUEST_FILENAME} !/core/img/(favicon\.ico|manifest\.json)$
  RewriteCond %{REQUEST_FILENAME} !/(cron|public|remote|status)\.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v(1|2)\.php
  RewriteCond %{REQUEST_FILENAME} !/robots\.txt
  RewriteCond %{REQUEST_FILENAME} !/(ocm-provider|ocs-provider|updater)/
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteCond %{REQUEST_FILENAME} !/richdocumentscode(_arm64)?/proxy.php$
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>

The .htaccess file was generated using occ via Ansible:

php occ --no-ansi -n config:system:set htaccess.RewriteBase --value='/'

I've enabled verbose debugging for the Apache VirtualHost and I haven't found anything in the logs that jump out, perhaps it is something to do with the FastCGI proxying to PHP-FPM?

Could I use curl to make a PROPFIND request to try to debug this?

chriscroome avatar Aug 10 '22 10:08 chriscroome

Answering myself after reading the documentation... :roll_eyes:

I don't have a Nextcloud account on the instance in question, however on a development server which I believe is more-or-less configured the same way, I get a HTTP/2 207 request when doing a PROPFIND using curl:

curl -v -u username:password 'https://nextcloud.webarch.org.uk/remote.php/dav/' -X PROPFIND --data '<?xml version="1.0" encoding="UTF-8"?><d:p
ropfind xmlns:d="DAV:"><d:prop xmlns:oc="http://owncloud.org/ns"><d:getlastmodified/><
d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop></d:propfind>'

*   Trying 81.95.52.26:443...
* Connected to nextcloud.webarch.org.uk (81.95.52.26) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=nextcloud.webarch.org.uk
*  start date: Jul 16 23:29:15 2022 GMT
*  expire date: Oct 14 23:29:14 2022 GMT
*  subjectAltName: host "nextcloud.webarch.org.uk" matched cert's "nextcloud.webarch.org.uk"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'cloud'
* Using Stream ID: 1 (easy handle 0x5636fdd7ccc0)
> PROPFIND /remote.php/dav/ HTTP/2
> Host: nextcloud.webarch.org.uk
> authorization: Basic XXXXXXXX-REMOVED-XXXXXXXXXXX
> user-agent: curl/7.74.0
> accept: */*
> content-length: 201
> content-type: application/x-www-form-urlencoded
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* We are completely uploaded and fine
< HTTP/2 207 
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< pragma: no-cache
< content-security-policy: default-src 'none';
< vary: Brief,Prefer
< dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
< x-request-id: fuRgkX68NBZ4ip00PgVy
< x-debug-token: fuRgkX68NBZ4ip00PgVy
< set-cookie: oc_sessionPassphrase=XXXXXXXX-REMOVED-XXXXXXXXXXX; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
< set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
< set-cookie: XXXXXXXX-REMOVED-XXXXXXXXXXX; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: cookie_test=test; expires=Wed, 10-Aug-2022 12:40:00 GMT; Max-Age=3600
< strict-transport-security: max-age=630720645;
< permissions-policy: interest-cohort=()
< referrer-policy: no-referrer
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< content-type: application/xml; charset=utf-8
< date: Wed, 10 Aug 2022 11:39:59 GMT
< server: Apache/2.4.54 (Debian)
< < 
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/principals/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/files/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/calendars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:peading databasrop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/system-calendars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/public-calendars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/addressbooks/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/systemtags/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/systemtags-relations/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/comments/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/uploads/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/avatars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/provisioning/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/trashbin/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/versions/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response></d:multistatus>
* Connection #0 to host nextcloud.webarch.org.uk left intact

@nektdev could you try the above, change the username:password (but don't post them here!) and the server address and also remove / censor the authorization and set-cookie lines from the results.

chriscroome avatar Aug 10 '22 11:08 chriscroome

Thank you both, followed the instructions, receiving 400.

curl -v -u username:password 'https://hub.animorph.coop/remote.php/dav/' -X PROPFIND --data '<?xml version="1.0" encoding="UTF-8"?><d:p
ropfind xmlns:d="DAV:"><d:prop xmlns:oc="http://owncloud.org/ns"><d:getlastmodified/><
d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop></d:propfind>'
*   Trying 81.95.52.34:443...
* Connected to hub.animorph.coop (81.95.52.34) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=hub.animorph.webarch.coop
*  start date: Aug  4 23:45:26 2022 GMT
*  expire date: Nov  2 23:45:25 2022 GMT
*  subjectAltName: host "hub.animorph.coop" matched cert's "hub.animorph.coop"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Server auth using Basic with user 'username'
* Using Stream ID: 1 (easy handle 0x55f131b8fe80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> PROPFIND /remote.php/dav/ HTTP/2
> Host: hub.animorph.coop

> user-agent: curl/7.81.0
> accept: */*
> content-length: 203
> content-type: application/x-www-form-urlencoded
> 
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* We are completely uploaded and fine
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 400 
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< pragma: no-cache
< content-security-policy: default-src 'none';

< strict-transport-security: max-age=630720622;
< permissions-policy: interest-cohort=()
< last-modified: Wed, 12 Aug 2020 09:18:03 GMT
< accept-ranges: bytes
< content-type: text/html
< date: Wed, 10 Aug 2022 12:33:34 GMT
< server: Apache/2.4.54 (Debian)
< 
<!doctype html>
<html lang="en" prefix="og: http://ogp.me/ns#">
  <head>
    <meta charset="utf-8" />
    <title>400 Bad Request | Webarchitects Shared Hosting</title>
    
    <meta name="description" content="Your browser (or proxy) sent a request that this server could not understand." />
    
HTML continues...

</html>

 
* Connection #0 to host hub.animorph.coop left intact

Is there anything else I could try?

nektdev avatar Aug 10 '22 12:08 nektdev

The Apache log entry for that request:

X.X.X.X - - [10/Aug/2022:12:33:34 +0000] "PROPFIND /remote.php/dav/ HTTP/2.0" 400 13937 "-" "curl/7.81.0"

And the PHP log entry:

- - XXX 10/Aug/2022:12:33:34 +0000 "PROPFIND /remote.php" 400 /home/hub/sites/nextcloud/remote.php 563.534 4096 70.98%

I really don't know what the cause of this is, I have now reset the PHP-FPM and Apache log levels to debug, @nektdev could you try again (take care to ensure that no additional carrige returns or whitespace have been added to the command)?

chriscroome avatar Aug 10 '22 14:08 chriscroome

Thank you, it appears that I can reproduce your result.

curl -v -u username:password 'https://hub.animorph.coop/remote.php/dav/' -X PROPFIND --data '<?xml version="1.0" encoding="UTF-8"?><d:propfind xmlns:d="DAV:"><d:prop xmlns:oc="http://owncloud.org/ns"><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop></d:propfind>'
*   Trying 81.95.52.34:443...
* Connected to hub.animorph.coop (81.95.52.34) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=hub.animorph.webarch.coop
*  start date: Aug  4 23:45:26 2022 GMT
*  expire date: Nov  2 23:45:25 2022 GMT
*  subjectAltName: host "hub.animorph.coop" matched cert's "hub.animorph.coop"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Server auth using Basic with user 'username'
* Using Stream ID: 1 (easy handle 0x558bee8ede80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> PROPFIND /remote.php/dav/ HTTP/2
> Host: hub.animorph.coop

> user-agent: curl/7.81.0
> accept: */*
> content-length: 201
> content-type: application/x-www-form-urlencoded
> 
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* We are completely uploaded and fine
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 207 
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< pragma: no-cache
< content-security-policy: default-src 'none';
< vary: Brief,Prefer
< dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
< x-request-id: 0N7OfB8oTgTD7WYWLKig
< x-debug-token: 0N7OfB8oTgTD7WYWLKig

< strict-transport-security: max-age=630720622;
< permissions-policy: interest-cohort=()
< referrer-policy: no-referrer
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< content-type: application/xml; charset=utf-8
< date: Wed, 10 Aug 2022 15:42:41 GMT
< server: Apache/2.4.54 (Debian)
< 
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/principals/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/files/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/calendars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/system-calendars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/public-calendars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/addressbooks/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/systemtags/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/systemtags-relations/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/comments/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/uploads/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/avatars/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/provisioning/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/trashbin/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response><d:response><d:href>/remote.php/dav/versions/</d:href><d:propstat><d:prop><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><d:getetag/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response></d:multistatus>
* Connection #0 to host hub.animorph.coop left intact

nektdev avatar Aug 10 '22 15:08 nektdev

I appear to have solved this issue by deleting this Apache config for notify_push:

  ProxyPass "/push/ws" "ws://127.0.0.1:7867/ws"
  ProxyPass "/push/" "http://127.0.0.1:7867/"
  ProxyPassReverse "/push/" "http://127.0.0.1:7867/"

And replacing it with:

  <Location "/push/" >
    ProxyPass "http://127.0.0.1:7867/"
    ProxyPassReverse "http://127.0.0.1:7867/"
  </Location>
  <Location "/push/ws" >
    ProxyPass "ws://127.0.0.1:7867/ws"
  </Location>

However I'm not sure why the notify_push reverse proxy settings have an impact on Nextcloud Talk image uploads?

chriscroome avatar Jan 16 '23 16:01 chriscroome

That is interesting, thanks for sharing!

nickvergessen avatar Jan 17 '23 05:01 nickvergessen