Error displaying company logo/ user logo: All files in /public/storage/*/*.jpg or .png -> Server Error 403 forbidden, 404: Font not loading because of case sensitive

[Contributolo]

Describe the bug

1. Error displaying company logo/ user logo: All files which I upload showing 403 forbidden error. I cannot acces files uploaded to: "public/storage//". I can acces files in the public folder from other directories without problems: "public/build/img/" or "public/favicons/". All folders have the exact same chmod configuration (see my attached images).

2. Console is showing 404 error for: public/build/fonts/Poppins-Semibold.ttf -> you can find Poppins-SemiBbold.ttf. When you upload Poppins-Semibold.ttf or rename the existing file, the error is gone.

Expected behavior
See the images which I upload.

Please complete the following information:

• Crater version: 6.02
• PHP version: 7.4.27
• Database type and version: 10.5.13

Optional info

• OS: CloudLinux
• Browser: All Browsers

[Contributolo]

The following Apache Error is happening:

Error | | | .817651 [INFO] [1314412] [T0] [69.94.126.117:59932-H3:CAB0FA9351C95025-76#APVH_sub.domain.com:443] Found symbolic link, or owner of symbolic link and link target does not match for path [/var/www/vhosts**/domain.com/sub.domain.com/**public/storage/3/user-image.jpg], access denied. ret=-1, errno=13

Is it maybe because of Plesk setting "FollowSymLink in .htaccess" to harden the security? Can this be fixed? It is only happening with the company and user logos :-/.

Big thank you in advance :) @mohitpanjwani . And big thank you for this awesome pice of software! It was exactly what Im was looking for :)!!!

[Contributolo]

@mohitpanjwani the issue is leading to broken Logo in emails too :-/. Do you have any suggestion?

[mohitpanjwani]

I am not too sure as I personally don’t use apache. Perhaps someone else can help you out on discord or try searching for similar issues on google.

https://laracasts.com/discuss/channels/laravel/symbolic-link-from-storage-to-public-not-working?page=1

Mainly the issue is with symlink which is required for images.

[Contributolo]

The thing is, it only happens with the company images and personal images. All other images are accessible.

[Contributolo]

@mohitpanjwani I investigated forther and it is because default is "followsymlink" off and the "public/storage" is only a link...
Normally that option is off/ restricted because of security concerns:
https://docs.plesk.com/en-US/obsidian/administrator-guide/plesk-administration/securing-plesk/mitigating-the-symlinks-vulnerability.79045/

Must it be a symlink or can this be a normal folder too? So I can deactivate this again? Thank you in advance :).

[mohitpanjwani]

Unfortunately there’s no way around this as it’s the suggested workflow in laravel framework.