
OneDrive option fails to load #112

Open
Bednaross opened this issue Apr 6, 2023 · 2 comments
Bednaross commented Apr 6, 2023

Hi guys!
It seems that we are not able to enable the “OneDrive” option when hosting this image on our Rancher/K8s cluster.

"Refused to load http://drwio.company/js/onedrive/OneDrive.js because it does not appear in the script-src directive of the Content Security Policy.
https://drawio.company./js/mermaid.min.js.map
Failed to load resource: the server responded with a status of 404 ()"

It works on a Docker though:
docker run -it --rm --name="draw" -e DRAWIO_MSGRAPH_CLIENT_ID=< CLIENT_ID > -e DRAWIO_MSGRAPH_CLIENT_SECRET=< CLIENT_SECRET > -p 8080:8080 -p 8443:8443 jgraph/drawio
or
docker run -it --rm --name="draw" -e DRAWIO_MSGRAPH_CLIENT_ID=< CLIENT_ID > -e DRAWIO_MSGRAPH_CLIENT_SECRET=< CLIENT_SECRET > -e DRAWIO_BASE_URL= -p 8080:8080 -p 8443:8443 jgraph/drawio

In addition:
• Ports 8080/8433 are open
• Rancher’s Ingress works fine
• We have an App registration in Azure with correct redirect URIs, App proxy etc.
• No errors in logs:

Init PreConfig.js
(function() {
  try {
    var s = document.createElement('meta');
    s.setAttribute('content', 'default-src \'self\'; script-src \'self\' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com \'unsafe-inline\'; connect-src \'self\' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; style-src \'self\' \'unsafe-inline\' https://fonts.googleapis.com; frame-src \'self\' https://*.google.com;');
    s.setAttribute('http-equiv', 'Content-Security-Policy');
    var t = document.getElementsByTagName('meta')[0];
    t.parentNode.insertBefore(s, t);
  } catch (e) {} // ignore
})();
window.DRAWIO_BASE_URL = 'http://localhost:8080';
window.DRAWIO_VIEWER_URL = '';
window.DRAWIO_LIGHTBOX_URL = '';
window.DRAW_MATH_URL = 'math/es5';
window.DRAWIO_CONFIG = null;
urlParams['sync'] = 'manual'; //Disable Real-Time
urlParams['db'] = '0'; //dropbox
urlParams['gh'] = '0'; //github
urlParams['tr'] = '0'; //trello
urlParams['gapi'] = '0'; //Google Drive
window.DRAWIO_MSGRAPH_CLIENT_ID = 'DELETED';
urlParams['gl'] = '0'; //Gitlab
Init PostConfig.js
window.VSD_CONVERT_URL = null;
window.ICONSEARCH_PATH = null;
EditorUi.enableLogging = false; //Disable logging
window.EMF_CONVERT_URL = null;
App.prototype.isDriveDomain = function() { return true; }
Generating Self-Signed certificate
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: selfsigned
Creation date: Apr 6, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=draw.example.com, OU=Cloud Native Application, O=example inc, L=Paris, ST=Paris, C=FR
Issuer: CN=draw.example.com, OU=Cloud Native Application, O=example inc, L=Paris, ST=Paris, C=FR
Serial number: 463d99b6
Valid from: Thu Apr 06 07:35:38 UTC 2023 until: Sat Feb 12 07:35:38 UTC 2033
Certificate fingerprints:
	 SHA1: DELETED
	 SHA256: DELETED
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
DELETED                                       #...
]
]
*******************************************
*******************************************
Append https connector to server.xml
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /opt/java/openjdk
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Using CATALINA_OPTS:
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
06-Apr-2023 07:35:40.013 WARNING [main] org.apache.catalina.core.StandardContext.setPath A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [/] does not meet these criteria and has been changed to []
06-Apr-2023 07:35:40.058 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.73
06-Apr-2023 07:35:40.058 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Feb 27 2023 15:33:40 UTC
06-Apr-2023 07:35:40.058 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.73.0
06-Apr-2023 07:35:40.058 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.14.138-rancher
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /opt/java/openjdk
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           11.0.18+10
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Eclipse Adoptium
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
06-Apr-2023 07:35:40.059 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
06-Apr-2023 07:35:40.061 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
06-Apr-2023 07:35:40.062 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
06-Apr-2023 07:35:40.062 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
06-Apr-2023 07:35:40.062 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
06-Apr-2023 07:35:40.066 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.36] using APR version [1.7.0].
06-Apr-2023 07:35:40.066 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
06-Apr-2023 07:35:40.066 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
06-Apr-2023 07:35:40.069 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022]
06-Apr-2023 07:35:40.359 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
06-Apr-2023 07:35:40.381 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
06-Apr-2023 07:35:40.560 INFO [main] org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector [https-openssl-nio-8443], TLS virtual host [draw.example.com], certificate type [UNDEFINED] configured from [/usr/local/tomcat/.keystore] using alias [tomcat] and with trust store [null]
06-Apr-2023 07:35:40.603 INFO [main] org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector [https-openssl-nio-8443], TLS virtual host [draw.example.com], certificate type [UNDEFINED] configured from [/usr/local/tomcat/.keystore] using alias [tomcat] and with trust store [null]
06-Apr-2023 07:35:40.605 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [768] milliseconds
06-Apr-2023 07:35:40.645 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
06-Apr-2023 07:35:40.645 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.73]
06-Apr-2023 07:35:41.090 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
06-Apr-2023 07:35:41.109 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/draw]
06-Apr-2023 07:35:41.309 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
06-Apr-2023 07:35:41.313 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/draw] has finished in [203] ms
06-Apr-2023 07:35:41.315 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
06-Apr-2023 07:35:41.325 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8443"]
06-Apr-2023 07:35:41.328 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [723] milliseconds

Any idea how to troubleshoot this issue or how to enable some kind of detailed logging info?
Thanks in advance!

@davidjgraph commented

That suggests that "http://drwio.company/js/onedrive/OneDrive.js" is a different domain to the one you're serving the app on and the CSP isn't allowing it.
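To make the CSP decision above concrete, here is an added example (not draw.io project code and not from any commenter) that evaluates the script-src and connect-src lists from the PreConfig.js posted in the issue the way a browser does. It assumes the page is served from https://drawio.company and uses a trimmed copy of the posted policy; path matching, nonces and hashes are left out.

```javascript
// Added example (not draw.io project code): a minimal CSP source-list matcher that
// reproduces the browser's decision for the policy in the issue. Path matching,
// nonces and hashes are deliberately not modelled.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}
function portOf(u) { return u.port || DEFAULT_PORT[u.protocol] || ""; }

// One source expression against one URL, for a document served from `origin`.
function sourceMatches(src, url, origin) {
  const s = src.toLowerCase();
  if (s === "'self'") {                       // same scheme/host/port as the page (http->https allowed)
    const selfScheme = url.protocol === origin.protocol ||
      (origin.protocol === "http:" && url.protocol === "https:");
    return selfScheme && url.hostname === origin.hostname && portOf(url) === portOf(origin);
  }
  if (s.startsWith("'")) return false;        // 'unsafe-inline', 'none', nonces, hashes: never a host match
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;   // scheme-source such as https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\*|\d+))?(\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const wantScheme = scheme ? scheme + ":" : origin.protocol;
  const schemeOk = url.protocol === wantScheme ||
    (wantScheme === "http:" && url.protocol === "https:");
  const hostOk = wildcard ? url.hostname.endsWith("." + host)   // *.1drv.com excludes 1drv.com itself
                          : url.hostname === host;
  const portOk = port === "*" ? true
    : port ? portOf(url) === port
    : portOf(url) === (DEFAULT_PORT[url.protocol] || "");   // no port in source: only the default port
  return schemeOk && hostOk && portOk;
}

// True if `directive` (falling back to default-src, as browsers do) allows urlStr.
function allowedBy(policy, directive, urlStr, originStr) {
  const d = parsePolicy(policy);
  const list = d[directive] || d["default-src"] || [];
  const url = new URL(urlStr), origin = new URL(originStr);
  return list.some(src => sourceMatches(src, url, origin));
}

// Trimmed copy of the script-src and connect-src lists from the PreConfig.js posted above.
const ISSUE_CSP = "default-src 'self'; script-src 'self' https://storage.googleapis.com " +
  "https://apis.google.com https://docs.google.com https://code.jquery.com 'unsafe-inline'; " +
  "connect-src 'self' https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com";
```

Running allowedBy(ISSUE_CSP, "script-src", "http://drwio.company/js/onedrive/OneDrive.js", "https://drawio.company") returns false for exactly the reason in the console message: the script host is neither 'self' nor listed, and the same policy still accepts the script from the page's own origin.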

@NotUrNinja commented

I have the same problem. It appears there are two different Azure AD features(?) and I'm only having an issue with one.

  • Azure AD Login Authorization to drawio webapp frontend (WORKING)
  • Azure AD authenticated OneDrive/Sharepoint integration. (NOT WORKING)

I believe I have configured the AAD App ID per instructions. This allows me to force authentication via Azure AD before reaching the draw.io web app. This initially threw a header size error but resolved with scaling the web app container to standard size from basic.

However, now that users can reach the application after the initial launch authentication, the OneDrive option is presented but spins until timeout (like in the post above), which then leaves only local device access.
