fix(dav): ajax request check on public remote endpoints #42853

Merged: 1 commit, Jan 17, 2024


skjnldsv
Member

Fix #42200

Context

The original legacy (8+ years) check used to search for an exact header match

But after #39924 (I think) the check went wrong and we ended up with this
image

@skjnldsv skjnldsv added this to the Nextcloud 29 milestone Jan 16, 2024
@skjnldsv skjnldsv requested review from juliusknorr and a team January 16, 2024 16:46
@skjnldsv skjnldsv self-assigned this Jan 16, 2024
@skjnldsv skjnldsv requested review from ArtificialOwl, nfebe and sorbaugh and removed request for a team January 16, 2024 16:46
@skjnldsv skjnldsv requested a review from come-nc January 16, 2024 16:47
@skjnldsv
Member Author

/skjnldsv-backport to stable28

@skjnldsv skjnldsv added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jan 16, 2024
@blizzz blizzz mentioned this pull request Jan 16, 2024
susnux previously requested changes Jan 16, 2024
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
@skjnldsv
Member Author

Was failing because master was broken with An exception occurred while executing a query: SQLSTATE[HY000]: General error: 1 table oc_appconfig has no column named lazy.
Rebased and cypress works now

@skjnldsv skjnldsv merged commit 2ac6336 into master Jan 17, 2024
50 checks passed
@skjnldsv skjnldsv deleted the fix/ajax-check-public-remote branch January 17, 2024 09:40

@skjnldsv
Member Author

#42882

@michnovka

This fix did not solve everything. I cannot see image previews on public share links (my.cloud/s/XXXXXX), and I see that PROPFIND request to public.php/webdav/ gives the 401 error. Using the workaround mentioned in the original issue - #42200 (comment) fixes this problem

@susnux
Contributor

susnux commented Feb 9, 2024

@michnovka are you sure your Webserver correctly forwards all headers to PHP?
Especially X_REQUESTED_WITH

@michnovka

I am using the nginx config from https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html (checked after update to 28.0.2 and it is identical to this one)

@michnovka

@susnux I confirmed with adding var_dump($_SERVER) to public.php, and yes, all headers are passed. However, the X_REQUESTED_WITH header is not sent by JS request. See below request copied as CURL:

curl 'https://my.cloud/public.php/webdav/' --compressed -X PROPFIND -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0' -H 'Accept: text/plain,application/xml' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Content-Length: 608' -H 'Depth: 0' -H 'Origin: https://my.cloud' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-origin' -H 'Authorization: Basic TlFQc2lGRnFzQW15eTZTOg==' -H 'Connection: keep-alive' -H 'Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=Tx3WTgJgIEIh0tkzXDMS3SvKZh3uiHenQaheDpb7%2BlDniZLexVDwYR%2F3OBmPBylRMyqnVxioHvVoPE8tTEKMLeUgZcO%2FUw%2Fp6rLLKJIm8hBle%2F2rKCmkn4FGi%2Fegt%2B%2Bj; ochoj4cc0e60=leb2vdq41oc2dr24i8pgvi5puf; nc_username=tomas; nc_token=JQl6MEydCWbUlt43KO%2B0UyEeFb%2BCGFnl; nc_session_id=leb2vdq41oc2dr24i8pgvi5puf' -H 'TE: trailers'
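
The check discussed in the comments above (does the request carry `X-Requested-With`, and does it reach PHP as `X_REQUESTED_WITH`) can be scripted against a browser "Copy as cURL" export. This is an added example, not part of the thread or of Nextcloud's code; the function names, the `cloud.example` sample commands and the exact-match comparison against `XMLHttpRequest` are assumptions made for illustration.

```python
import shlex

# Constructed sample: trimmed "Copy as cURL" export of a PROPFIND without X-Requested-With.
SAMPLE_WITHOUT = (
    "curl 'https://cloud.example/public.php/webdav/' -X PROPFIND "
    "-H 'Accept: text/plain,application/xml' -H 'Depth: 0' "
    "-H 'Sec-Fetch-Site: same-origin'"
)
# Constructed sample: the same request with the header added.
SAMPLE_WITH = SAMPLE_WITHOUT + " -H 'X-Requested-With: XMLHttpRequest'"


def headers_from_curl(command):
    """Return the -H/--header arguments of a curl command as (name, value) pairs."""
    tokens = shlex.split(command)
    pairs = []
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-H", "--header"):
            name, sep, value = tokens[i + 1].partition(":")
            if sep:
                pairs.append((name.strip(), value.strip()))
    return pairs


def to_server_vars(pairs):
    """Name headers as CGI/PHP does in $_SERVER: HTTP_ prefix, upper case, '-' to '_'."""
    # Simplification: a repeated header keeps its last value.
    return {"HTTP_" + n.upper().replace("-", "_"): v for n, v in pairs}


def diagnose(command):
    """Classify the request as 'missing', 'mismatch' or 'ok' for the AJAX header."""
    server = to_server_vars(headers_from_curl(command))
    value = server.get("HTTP_X_REQUESTED_WITH")
    if value is None:
        return "missing"   # the client never sent the header
    # Assumed exact-match form of the check; any other value counts as non-AJAX.
    return "ok" if value == "XMLHttpRequest" else "mismatch"


if __name__ == "__main__":
    for label, cmd in (("without", SAMPLE_WITHOUT), ("with", SAMPLE_WITH)):
        print(label, "->", diagnose(cmd))
```

A `missing` result points at the client request, while a header present in the export but absent from `$_SERVER` points at the web server or proxy configuration.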

@blizzz blizzz mentioned this pull request Mar 5, 2024
@kesselb
Contributor

kesselb commented Apr 17, 2024

/backport to stable24

#39924 was manually backported to 24, and therefore we need this change for 24 too.


backportbot bot commented Apr 17, 2024

The backport to stable24 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable24
git pull origin stable24

# Create the new backport branch
git checkout -b backport/42853/stable24

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 20a0b9cb

# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/42853/stable24

Error: No changes found in backport branch


Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

@kesselb
Contributor

kesselb commented Apr 17, 2024

Manual backport for 24: #44895

Labels
4. to release Ready to be released and/or waiting for tests to finish 28-feedback bug feature: dav regression
Development

Successfully merging this pull request may close these issues.

Public shared links refreshing continuously since v28 upgrade
8 participants