Autoupdater breaks install

[derStephan]

Describe the bug
In snappy v2.15.0, I tried to use the new shiny auto-updater. It told me that there is a new version. When I clicked "update", the page reloaded after about a second and showed me that there was still an update to v2.15.1. I waited a minute and tried to reload the page where I ended up stuck with this message:

An error occurred.
Please refresh the page and try again. Failed loading /snappy/snappymail/v/2.15.1/static/js/min/libs.min.js

After that, I deleted v2.15.1 folder and changed the version in index.php to

define('APP_VERSION', '2.15.0');

That made the software work againand I could reproduce the behaviour again.

To Reproduce
Steps to reproduce the behavior:

1. Go to admin interface - about
2. Click on update
3. See error Failed loading /snappy/snappymail/v/2.15.1/static/js/min/libs.min.js

Expected behavior
Updated to v2.15.1

log
log-2022-04-30.txt

Desktop (please complete the following information):

• Firefox 99.0.1, Windows 10 x64
• SnappyMail Version 2.15.0

[the-djmaze]

Thanks for the log, but we need different logs.

• the Apache/Nginx error log
• PHP error log

This is because we want to know WHY libs.min.js does not exist.
Why is not extracted from the latest.tar.gz?
Or is there a different error?

[derStephan]

Thanks for the log, but we need different logs.

😂 Could have thought about it.

I attached the apache error_log.txt. Unfortunately, there is no PHP error log.

Looks like a permission problem?

[the-djmaze]

I see:

[fcgid:warn] [pid 27006] [client 92.117.61.39:30252] mod_fcgid: stderr: Extract to /…/httpdocs/mail/snappy
[fcgid:warn] [pid 27006] [client 92.117.61.39:30252] mod_fcgid: stderr: Update success

So that means the extraction worked.

But then:

AH00529: /…/httpdocs/mail/snappy/snappymail/v/2.15.1/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/…/httpdocs/mail/snappy/snappymail/v/2.15.1/' is executable

Are you using SELinux? If so, you should check the configuration.

[derStephan]

Are you using SELinux? If so, you should check the configuration.

This is a shared hoster using Plesk. I really don't know what is running in the background there. I can redo the test and check permissions on files and folders if this helps.

[Bagu]

Hello,

Same problem with different configuration.
Server : Windows x64
Apache : 2.4.53
Php : 7.4.29
FCGID : 2.3.10

No error in php and apache log.
Access rights are double checked and ok

[derStephan]

If @Bagu has this problem on windows then it is probably not related to SELinux.

Is there anything we can do for you here? Do you want to have a look at my shared hoster to see what's going on?

[Bagu]

Hello,

I have a lead. Looking closer, I have this message that appears in the console of firefox:
The resource at "https://mydomain.com/snappymail/v/2.15.1/static/js/min/libs.min.js" has been blocked due to an incorrect MIME type ("text/html") (X-Content-Type-Options: nosniff)

And when i try a direct access :
Your browser sent a request that this server could not understand.

[derStephan]

Did you disable auto updater feature? I wanted to give the updater another try.

I am currently on 2.16.1. The about page tells me that there is a 2.16.2 with a link to releases. But there is no button for auto update anymore.

Is there anything, we can help you with?

[Bagu]

Nothing new with this version.
To make it work, i have to replace every min version by the standard version.
Eg : i replace admin.min.js by a renamed version of admin.js

It seem that there is a mime type problem ?

[derStephan]

Any news on the auto-updater?

[the-djmaze]

Somehow i can't reproduce this issue.
All my systems are PHP-FPM.
SELinux is in permissive mode and the log shows no issues for it.

Did you find out?

[Bagu]

Nop. I'm under php 8.1.12 + fcgid + apache 2.4.54.
Nothing in php logs
Nothing in apache logs
Message "An error occurred. Please refresh the page and try again. Failed loading /snappymail\v\2.21.3\static/js/min/libs.min.js" shown in web page

Mozilla console show that app.min.css and libs.min.js can load and type is shown as html instead of css and js type.

[the-djmaze]

Open the Firefox developer tools.
Open the network tab.
Find the libs.min.js request and click on it.
On the right click on the response tab and see the content.
It should show the HTML and error/message why it failed.

[Bagu]

It show an error 400.

État 400 Bad Request
Version HTTP/3
Transfert 748 o (taille 0 o)
Politique de référent same-origin

La ressource à l’adresse « https://my-webmail-address/snappymail/v/2.21.3/static/css/app.min.css » a été bloquée en raison d’un type MIME (« text/html ») incorrect (X-Content-Type-Options: nosniff).
La ressource à l’adresse « https://my-webmail-address/snappymail/v/2.21.3/static/js/min/libs.min.js » a été bloquée en raison d’un type MIME (« text/html ») incorrect (X-Content-Type-Options: nosniff).

[the-djmaze]

I think i found the problem.
On extraction the directories are 0700 and your Apache runs as a different user then PHP.
I've made a modification to the upgrade script to set them to 0755.

But i also need to check the umask() and after that it might work.

[Bagu]

Good evening,
I have just tested the version available on github. There is no more the error concerning
https://my-webmail-address/snappymail/v/0.0.0/static/js/min/libs.min.js

but the one concerning
https://my-webmail-address/snappymail/v/0.0.0/static/css/app.min.css

is still there.
Is there a similar correction missing?
Thanks

[the-djmaze]

Could be, i'm still investigating

[Bagu]

I try v2.27.3 and still having the problem. I try remove every .htaccess modification of my vhost, but i don"t have any success.

[derStephan]

Hi. Any news on this one? Is there anything we can help with? I could do some testing, if you needed that.

[Bagu]

I've done a test : if i don't use HTTPS, it work.
An idea ?

[the-djmaze]

I've done a test : if i don't use HTTPS, it work.

Hmmm, i'm shooting in the dark. But maybe an issue in the HTTP/2 protocol handling?
I will think about it and see if something can be done.

[Bagu]

I've done a test : if i don't use HTTPS, it work.

Hmmm, i'm shooting in the dark. But maybe an issue in the HTTP/2 protocol handling? I will think about it and see if something can be done.

I did some tests by disabling mod_httpd2. Unfortunately, the result is the same. Several files are not sent by Apache when using https.

[Bagu]

I find the problem in my configuration :

	<IfModule mod_headers.c>
		# Sert des fichiers CSS compressés par brotli, s'ils existent
		# et si le client supporte brotli.
		RewriteCond "%{HTTP:Accept-encoding}" "br"
		RewriteCond "%{REQUEST_FILENAME}\.br" "-s"
		RewriteRule "^(.*)\.css"              "$1\.css\.br" [QSA]

		# Sert des fichiers JS compressés par brotli, s'ils existent
		# et si le client supporte brotli.
		RewriteCond "%{HTTP:Accept-encoding}" "br"
		RewriteCond "%{REQUEST_FILENAME}\.br" "-s"
		RewriteRule "^(.*)\.js"               "$1\.js\.br" [QSA]

		# Serve correct content types, and prevent double compression.
		RewriteRule "\.css\.br$" "-" [T=text/css,E=no-gzip:1]
		RewriteRule "\.js\.br$"  "-" [T=text/javascript,E=no-gzip:1]
		
		# Sert des types de contenu corrects, et évite la double compression.
		RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-brotli:1]
		RewriteRule "\.js\.gz$"  "-" [T=text/javascript,E=no-brotli:1]

		<FilesMatch "(\.js\.br|\.css\.br)$">
			# Sert un type d'encodage correct.
			Header append Content-Encoding br

			# Force les mandataires à mettre en cache séparément les fichiers css/js
			# compressés ou non par brotli.
			Header append Vary Accept-Encoding
		</FilesMatch>
	</IfModule>

If i remove these lines, snappy work in http and https.

[derStephan]

I tried auto updater again and unfortunately, it still does not work. There are a number of 403 errors with the message You don't have permission to access this resource.Server unable to read htaccess file, denying access to be safe

[the-djmaze]

Correct! The folders static and themes are 0700 and not 0755.
After next release the upgrades should work and the right chmod is applied.

If not there is probably a (selinux?) permissions conflict.

[derStephan]

So fixing rights to these folders will help for now?

[the-djmaze]

Yes it should

[derStephan]

yes, that fixed it. Thank you.

[derStephan]

I tried to auto update to current version 2.32.0 and it is the same problem again. Folder permissions were 0700 again. After setting them to 0755 manually, it worked again.

[the-djmaze]

Correct!
With the next update it should work fine

[derStephan]

I can confirm that it worked this time. Thanks!!!

[the-djmaze]

your welcome