umami
umami copied to clipboard
umami-software
Can't access the team page
Describe the Bug
I just created a first team. I wanted to access/view the team page in settings to get the access code. However, after clicking on view, I just get a page with javascript code (see below).
!function(){"use strict";(t=>{const{screen:{width:e,height:a},navigator:{language:r},location:n,localStorage:i,document:c,history:o}=t,{hostname:s,href:u}=n,{currentScript:l,referrer:d}=c;if(!l)return;const f="data-",m=l.getAttribute.bind(l),h=m(f+"website-id"),p=m(f+"host-url"),g=m(f+"tag"),y="false"!==m(f+"auto-track"),b="true"===m(f+"exclude-search"),v=m(f+"domains")||"",S=v.split(",").map((t=>t.trim())),w=`${(p||""||l.src.split("/").slice(0,-1).join("/")).replace(/\/$/,"")}/api/send`,N=`${e}x${a}`,T=/data-umami-event-([\w-_]+)/,A=f+"umami-event",x=300,O=t=>{if(t){try{const e=decodeURI(t);if(e!==t)return e}catch{return t}return encodeURI(t)}},U=t=>{try{const{pathname:e,search:a}=new URL(t);t=e+a}catch{}return b?t.split("?")[0]:t},j=()=>({website:h,hostname:s,screen:N,language:r,title:O(_),url:O(B),referrer:O(D),tag:g||void 0}),k=(t,e,a)=>{a&&(D=B,B=U(a.toString()),B!==D&&setTimeout($,x))},E=()=>!h||i&&i.getItem("umami.disabled")||v&&!S.includes(s),L=async(t,e="event")=>{if(E())return;const a={"Content-Type":"application/json"};void 0!==K&&(a["x-umami-cache"]=K);try{const r=await fetch(w,{method:"POST",body:JSON.stringify({type:e,payload:t}),headers:a}),n=await r.text();return K=n}catch{}},$=(t,e)=>L("string"==typeof t?{...j(),name:t,data:"object"==typeof e?e:void 0}:"object"==typeof t?t:"function"==typeof t?t(j()):j()),I=t=>L({...j(),data:t},"identify");t.umami||(t.umami={track:$,identify:I});let K,R,B=U(u),D=d!==s?d:"",_=c.title;if(y&&!E()){(()=>{const t=(t,e,a)=>{const r=t[e];return(...e)=>(a.apply(null,e),r.apply(t,e))};o.pushState=t(o,"pushState",k),o.replaceState=t(o,"replaceState",k)})(),(()=>{const t=new MutationObserver((([t])=>{_=t&&t.target?t.target.text:void 0})),e=c.querySelector("head > title");e&&t.observe(e,{subtree:!0,characterData:!0,childList:!0})})(),c.addEventListener("click",(async t=>{const e=t=>["BUTTON","A"].includes(t),a=async t=>{const e=t.getAttribute.bind(t),a=e(A);if(a){const r={};return t.getAttributeNames().forEach((t=>{const a=t.match(T);a&&(r[a[1]]=e(t))})),$(a,r)}},r=t.target,i=e(r.tagName)?r:((t,a)=>{let r=t;for(let t=0;t<a;t++){if(e(r.tagName))return r;if(r=r.parentElement,!r)return null}})(r,10);if(!i)return a(r);{const{href:e,target:r}=i,c=i.getAttribute(A);if(c)if("A"===i.tagName){const o="_blank"===r||t.ctrlKey||t.shiftKey||t.metaKey||t.button&&1===t.button;if(c&&e)return o||t.preventDefault(),a(i).then((()=>{o||(n.href=e)}))}else if("BUTTON"===i.tagName)return a(i)}}),!0);const t=()=>{"complete"!==c.readyState||R||($(),R=!0)};c.addEventListener("readystatechange",t,!0),t()}})(window)}();
Subsequently, I can't invite anyone to the team, or add websites to it.
Database
MySQL
Relevant log output
See above
Which Umami version are you using? (if relevant)
2.12.1
Which browser are you using? (if relevant)
Tried in Chrome, as well as Iron Browser (Chrome based) and Firefox
How are you deploying your application? (if relevant)
Docker
That is the tracking script code. I'm not sure how you got to there from teams. What is the URL?
I'm on the page https://domain.com/settings/teams and click on the "-> View" button.
Then I get https://domain.com/teams/91c7befb-b928-414e-b2c7-67cf88878826/settings/team where I see that code instead of the team settings page.
I just updated to the latest version, but no luck. When I click on the View button under Settings - Team, I get that Javascript code.
I tried that via my "normal" URL which is served from the reverse proxy, but also via the direct link to the docker container, avoiding the reverse proxy.
The console doesn't show any errors or warning when clicking on the Settings - Team page, nor when I click the view button. And also in the docker container, there is nothing in the log files.
Anything else I could check on my side?
This issue is stale because it has been open for 60 days with no activity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Is there any way I can get this to work? Can I check some logs, or turn on some debugging function? I can't edit or even delete a team, as I have no access to that at all. So I went into the database and deleted the record in the Team table. After creating a new team, it was the exact same result.
This issue is stale because it has been open for 60 days with no activity.
Do you have something in front like Nginx that could be rewriting the paths?
Yes, it is behind an Nginx proxy.
However, when I access the UI via http://servername:3000/teams/ad04fe36-5faa-4913-9290-bdce990b80aa/settings/team or even via the IP address http://192.168.7.8:3000/teams/ad04fe36-5faa-4913-9290-bdce990b80aa/settings/team I get that javascript:
!function(){"use strict";(t=>{const{screen:{width:e,height:a},navigator:{language:r},location:n,document:i,history:c}=t,{hostname:s,href:o,origin:u}=n,{currentScript:l,referrer:d}=i,h=o.startsWith("data:")?void 0:t.localStorage;if(!l)return;const f="data-",m=l.getAttribute.bind(l),p=m(f+"website-id"),g=m(f+"host-url"),y=m(f+"tag"),b="false"!==m(f+"auto-track"),v="true"===m(f+"exclude-search"),S=m(f+"domains")||"",w=S.split(",").map((t=>t.trim())),N=`${(g||""||l.src.split("/").slice(0,-1).join("/")).replace(/\/$/,"")}/api/send`,T=`${e}x${a}`,A=/data-umami-event-([\w-_]+)/,x=f+"umami-event",O=300,U=t=>{if(t){try{const e=decodeURI(t);if(e!==t)return e}catch(e){return t}return encodeURI(t)}},j=t=>{try{const{pathname:e,search:a,hash:r}=new URL(t,n.href);t=e+a+r}catch(t){}return v?t.split("?")[0]:t},k=()=>({website:p,hostname:s,screen:T,language:r,title:U(q),url:U(W),referrer:U(_),tag:y||void 0}),E=(t,e,a)=>{a&&(_=W,W=j(a.toString()),W!==_&&setTimeout(K,O))},L=()=>!p||h&&h.getItem("umami.disabled")||S&&!w.includes(s),$=async(t,e="event")=>{if(L())return;const a={"Content-Type":"application/json"};void 0!==B&&(a["x-umami-cache"]=B);try{const r=await fetch(N,{method:"POST",body:JSON.stringify({type:e,payload:t}),headers:a}),n=await r.text();return B=n}catch(t){}},I=()=>{D||(K(),(()=>{const t=(t,e,a)=>{const r=t[e];return(...e)=>(a.apply(null,e),r.apply(t,e))};c.pushState=t(c,"pushState",E),c.replaceState=t(c,"replaceState",E)})(),(()=>{const t=new MutationObserver((([t])=>{q=t&&t.target?t.target.text:void 0})),e=i.querySelector("head > title");e&&t.observe(e,{subtree:!0,characterData:!0,childList:!0})})(),i.addEventListener("click",(async t=>{const e=t=>["BUTTON","A"].includes(t),a=async t=>{const e=t.getAttribute.bind(t),a=e(x);if(a){const r={};return t.getAttributeNames().forEach((t=>{const a=t.match(A);a&&(r[a[1]]=e(t))})),K(a,r)}},r=t.target,i=e(r.tagName)?r:((t,a)=>{let r=t;for(let t=0;t<a;t++){if(e(r.tagName))return r;if(r=r.parentElement,!r)return null}})(r,10);if(!i)return a(r);{const{href:e,target:r}=i,c=i.getAttribute(x);if(c)if("A"===i.tagName){const s="_blank"===r||t.ctrlKey||t.shiftKey||t.metaKey||t.button&&1===t.button;if(c&&e)return s||t.preventDefault(),a(i).then((()=>{s||(n.href=e)}))}else if("BUTTON"===i.tagName)return a(i)}}),!0),D=!0)},K=(t,e)=>$("string"==typeof t?{...k(),name:t,data:"object"==typeof e?e:void 0}:"object"==typeof t?t:"function"==typeof t?t(k()):k()),R=t=>$({...k(),data:t},"identify");t.umami||(t.umami={track:K,identify:R});let B,D,W=j(o),_=d.startsWith(u)?"":d,q=i.title;b&&!L()&&("complete"===i.readyState?I():i.addEventListener("readystatechange",I,!0))})(window)}();
One thing I just noted. On your documentation page the environment variable is called APP_SECRET.
In my docker start I still use HASH_SALT:
docker run -d --name umami --restart unless-stopped \
-e DATABASE_URL=mysql://umami:[email protected]:3306/umami \
-e DATABASE_TYPE=mysql \
-e HASH_SALT=30CharsString \
-e TRACKER_SCRIPT_NAME=m \
-e DISABLE_TELEMETRY=1 \
-p 3000:3000 docker.umami.is/umami-software/umami:mysql-latest
Could that have an impact? Am I currently running the app without a "secret" now? At least the log file during the startup doesn't show any error message or anything.
yarn run v1.22.22
$ npm-run-all check-db update-tracker start-server
$ node scripts/check-db.js
✓ DATABASE_URL is defined.
✓ Database connection successful.
✓ Database version check successful.
Prisma schema loaded from prisma/schema.prisma
Datasource "db": MySQL database "umami" at "domain.com:3306"
7 migrations found in prisma/migrations
No pending migrations to apply.
✓ Database is up to date.
$ node scripts/update-tracker.js
$ node server.js
▲ Next.js 15.0.4
- Local: http://localhost:3000
- Network: http://0.0.0.0:3000
✓ Starting...
✓ Ready in 70ms
Ok, so I tried with various different options.
It seems when with the variable TRACKER_SCRIPT_NAME=m the team page can't be accessed. If I take that one out, I can access the page.
So if I run it without that variable, I have to update the script on all websites?
Since you're using Nginx, just add a rewrite rule to the default script name.
All the variable does is add a rewrite rule. Since you called it m and team ends with m, it matched the rewrite rule.
All the variable does is add a rewrite rule. Since you called it
mand team ends withm, it matched the rewrite rule.
Maybe we can fix this problem? While so many ad blockers ban the default tracker script name, we usually need to customize it and will probably encounter this problem.
@FHU-yezi it works fine if you give it a unique name like /dytg4384tghf.js
@MatthK are you still on 2.12? we had a lot of bug fixes since then
So I got it to work. I added the following to my nginx proxy's site config:
location /m {
proxy_pass http://192.168.7.8:3000/script.js;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 200M;
}
Then I removed the -e TRACKER_SCRIPT_NAME=m \ line from the docker start command.
@mikecao and no, I updated quite some time ago to the latest V.2.15.1.