Shared Public HTTP gallery link: No content after returning later #16698

@Gregorybe2005

Steps to reproduce

  1. Share public non-secure http link
  2. Edit the link so it links to the gallery by adding "apps/gallery/": /index.php/apps/gallery/s/beaPoJFYmHZBmyn
  3. Link works on third party computer
  4. Open the link later on, on the third party computer

Expected behaviour

Showing the gallery view again

Actual behaviour

The interface loads without the content/folders.

In the network view, files are being loaded, and one of the last files that is loaded is:
.../nextcloud/index.php/apps/gallery/config.public?token=beaPoJFYmHZBmyn
In (/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php) a CrossSiteRequestForgeryException is thrown on line 174

Server configuration

Debian GNU/Linux 8.11 (jessie)
Apache/2.4.10
mysqlnd 5.0.12
PHP Version 7.3.7

Nextcloud version: 16.0.3

Updated from an older Nextcloud/ownCloud or fresh install: 12.0.2
Where did you install Nextcloud from: Web installer

List of activated apps:

App list

Enabled:
  - accessibility: 1.2.0
  - activity: 2.9.1
  - cloud_federation_api: 0.2.0
  - comments: 1.6.0
  - dav: 1.9.2
  - federatedfilesharing: 1.6.0
  - federation: 1.6.0
  - files: 1.11.0
  - files_external: 1.7.0
  - files_pdfviewer: 1.5.0
  - files_rightclick: 0.13.0
  - files_sharing: 1.8.0
  - files_texteditor: 2.8.0
  - files_trashbin: 1.6.0
  - files_versions: 1.9.0
  - files_videoplayer: 1.5.0
  - firstrunwizard: 2.5.0
  - gallery: 18.3.0
  - logreader: 2.1.0
  - lookup_server_connector: 1.4.0
  - nextcloud_announcements: 1.5.0
  - notifications: 2.4.1
  - oauth2: 1.4.2
  - password_policy: 1.6.0
  - privacy: 1.0.0
  - provisioning_api: 1.6.0
  - ransomware_protection: 1.4.0
  - recommendations: 0.4.0
  - serverinfo: 1.6.0
  - sharebymail: 1.6.0
  - socialsharing_facebook: 1.0.4
  - support: 1.0.0
  - survey_client: 1.4.0
  - systemtags: 1.6.0
  - theming: 1.7.0
  - twofactor_backupcodes: 1.5.0
  - updatenotification: 1.6.0
  - viewer: 1.0.0
  - workflowengine: 1.6.0

Disabled:
  - admin_audit
  - bruteforcesettings
  - encryption
  - unsplash
  - user_ldap

Nextcloud configuration:

Config report
{
    "system": {
        "loglevel": 0,
        "log_type": "file",
        "logfile": "\/datadisk\/www\/nextcloud\/nextcloud.log",
        "logdateformat": "F d, Y H:i:s",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "fw.gretech.be:13180",
            "fw.gretech.be:13143",
            "next.netcloud.be:13143",
            "next.netcloud.be:13180"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrote.cli.url": "\/nextcloud",
        "htaccess.RewriteBase": "\/nextcloud",
        "dbtype": "mysql",
        "version": "16.0.3.0",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "php",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "updater.release.channel": "production",
        "theme": "",
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "simpleSignUpLink.shown": false,
        "overwrite.cli.url": "http:\/\/next.netcloud.be:13180\/nextcloud"
    }
}

Are you using encryption: no

Client configuration

Browser: Chrome
Operating system: Windows 7

Logs

Nextcloud log (data/nextcloud.log)

root@next:/datadisk/www/nextcloud# tail /datadisk/www/nextcloud/nextcloud.log
{"reqId":"mx5qXa4yWfnS067XbiCQ","level":0,"time":"August 08, 2019 23:37:34","remoteAddr":"84.193.30.60","user":"--","app":"core","method":"GET","url":"\/nextcloud\/index.php\/apps\/gallery\/config.public?token=beaPosage":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException","Message":"CSRF check failed","Code":412,"Trace":[{"file":"\/datadisk\/www\/nextcloud\/lib\/private\/AppFrame\/MiddlewareDispatcher.php","line":95,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->","args":[{"__class__":"OCA\\Gallery\\Controller\\ConfigPublicContro"file":"\/datadisk\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":97,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[{"__clasry\\Controller\\ConfigPublicController"},"get"]},{"file":"\/datadisk\/www\/nextcloud\/lib\/private\/AppFramework\/App.php","line":126,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","a_":"OCA\\Gallery\\Controller\\ConfigPublicController"},"get"]},{"file":"\/datadisk\/www\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\","args":["ConfigPublicController","get",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"gallery.config_public.get"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteAcpe":"->","args":[{"_route":"gallery.config_public.get"}]},{"file":"\/datadisk\/www\/nextcloud\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\ler"},{"_route":"gallery.config_public.get"}]},{"file":"\/datadisk\/www\/nextcloud\/lib\/base.php","line":975,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/apps\/gallery\/config.public"]},{"f\/www\/nextcloud\/index.php","line":42,"function":"handleRequest"
,"class":"OC","type":"::","args":[]}],"File":"\/datadisk\/www\/nextcloud\/lib\/private\/AppFramework\/Middleware\/Security\/SecurityMiddleware.php","LMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.142 Safari\/537.36","version":"16.0.3.0"}

Browser log

In the network view, files are being loaded, and one of the last files that is loaded is:
.../nextcloud/index.php/apps/gallery/config.public?token=beaPoJFYmHZBmyn
In (/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php) a CrossSiteRequestForgeryException is thrown on line 174

Labels: 0. Needs triage (pending check for reproducibility or if it fits our roadmap), bug, needs info, stale (ticket or PR with no recent activity)
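A triage sketch for the log excerpt in this report, added here as an example (not part of the issue and not Nextcloud code): it counts `CrossSiteRequestForgeryException` entries in a `nextcloud.log`-style file per method and route, and keeps a separate count of truncated lines like the pasted ones instead of dropping them. The sample lines, the token value, the `apps/example/save` route and the nested `message` key name are constructed assumptions.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

CSRF_EXC = "CrossSiteRequestForgeryException"

# Constructed sample (not real server data). Field names follow the entry quoted
# in the report; the nested "message" key is an assumption. The fourth line is
# cut short on purpose, like the pasted log.
SAMPLE_LOG = r'''
{"reqId":"r1","level":0,"remoteAddr":"192.0.2.10","user":"--","method":"GET","url":"\/nextcloud\/index.php\/apps\/gallery\/config.public?token=EXAMPLETOKEN","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException","Message":"CSRF check failed","Code":412}}
{"reqId":"r2","level":0,"remoteAddr":"192.0.2.10","user":"--","method":"GET","url":"\/nextcloud\/index.php\/apps\/gallery\/config.public?token=EXAMPLETOKEN","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException","Message":"CSRF check failed","Code":412}}
{"reqId":"r3","level":2,"remoteAddr":"192.0.2.11","user":"--","method":"POST","url":"\/nextcloud\/index.php\/login","message":"Login failed: example"}
{"reqId":"r4","level":0,"method":"GET","url":"\/nextcloud\/index.php\/apps\/gallery\/config.public?token=EXAMsage":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException","Message":"CSRF check failed"
{"reqId":"r5","level":0,"remoteAddr":"192.0.2.12","user":"alice","method":"POST","url":"\/nextcloud\/index.php\/apps\/example\/save","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\CrossSiteRequestForgeryException","Message":"CSRF check failed","Code":412}}
'''

def summarize_csrf_failures(log_text):
    """Return (Counter keyed by (method, path, anonymous), count of damaged CSRF lines)."""
    hits, damaged = Counter(), 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            # Truncated entry: cannot be attributed to a route, but is still counted.
            if CSRF_EXC in line:
                damaged += 1
            continue
        msg = entry.get("message")
        # Ordinary entries carry a plain string message; exceptions carry an object.
        if not isinstance(msg, dict) or not str(msg.get("Exception", "")).endswith(CSRF_EXC):
            continue
        # Keep only the path so share tokens in the query string are not copied into reports.
        path = urlsplit(entry.get("url", "")).path
        anonymous = entry.get("user") == "--"  # "--" is the user value in the report's entry
        hits[(entry.get("method"), path, anonymous)] += 1
    return hits, damaged

if __name__ == "__main__":
    hits, damaged = summarize_csrf_failures(SAMPLE_LOG)
    for (method, path, anonymous), n in hits.most_common():
        print(n, method, path, "anonymous" if anonymous else "logged-in")
    print("unparseable CSRF lines:", damaged)
```

Repeated anonymous GET failures on a single public route, as in the sample, point at a session or token problem on that route rather than at forged state-changing requests.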