Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Too many redirects for shared image links (direct link) #542

Closed
WiegerS opened this issue Jul 24, 2016 · 8 comments
Closed

Too many redirects for shared image links (direct link) #542

WiegerS opened this issue Jul 24, 2016 · 8 comments

Comments

@WiegerS
Copy link

WiegerS commented Jul 24, 2016

screenshot_1280

Steps to reproduce

  1. Install brand new NextCloud 9.0.53 (using Apache or nginx, does not matter).
  2. Share some image.
  3. Put direct link to the image in an IMG-tag (e.g. on a bulletin board).

Expected behaviour

Picture should display inside browser (e.g. on a bulletin board).

Actual behaviour

Browser errors out with a 'too many redirects'-error.

Server configuration

Operating system:
FreeBSD

Web server:
Apache or nginx, with or without reverse proxy, does not matter.

Database:
MySQL

PHP version:
Tried both PHP 5.6 and PHP 7.0.

Nextcloud version: (see Nextcloud admin page)
9.0.53

Updated from an older Nextcloud/ownCloud or fresh install:
Happens on fresh install too.

Where did you install Nextcloud from:
Official website; https://nextcloud.com

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

The content of config/config.php:

Config report

Happens on fresh install. So config set to defaults.

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here
(Without the database password, passwordsalt and secret)

Default apps (fresh install).

Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
### Client configuration

Browser:
Chrome as well as Firefox, also CURL when Cookie-header specified! (does not happen with CURL if no Cookie-headers specified for direct link to image).
Operating system:
Ubuntu 16.04, Windows 7, does not matter really.

Logs

Web server error log

Web server error log

Insert your webserver log here
#### Nextcloud log (data/nextcloud.log)

Nextcloud log

Insert your Nextcloud log here
#### Browser log

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
Something like this in red:
net::ERR_TOO_MANY_REDIRECTS

Network tab shows a bunch of visits to the same image link (direct link). "Location:"-header points to same link... HTTP/1.1 302 Found code. Also seeing strict and lax cookie-headers (both at the same time).


#### Workaround

Workaround

Workaround seems to be a "return"-statement as the first line of the 'performSameSiteCookieProtection'-function in lib/base.php.
@sthag
Copy link

sthag commented Aug 12, 2016

I've got this problem too.
I also installed a fresh version of Nextcloud and currently I have version 9.0.52
I used ownCloud before and wanted to switch over to Nextcloud. I was prepared to substitude every direct link I placed in a myBB forum but had to realise that it is not working any more.

@WiegerS Is it ok to use the workaround you mention in your post?

@WiegerS
Copy link
Author

WiegerS commented Aug 12, 2016

When you use that 'workaround' I specified you are disabling some security measure which somehow seems to cause the redirect loop for direct links.

Though I would not recommend meddling with the code (maybe it breaks some essential things though direct links do seem to work when disabling the function). Haven't gone into much depth in this regard myself. ;-)

I've gone back to ownCloud some weeks ago, which does not have this issue currently. I'm not really broken up about it though because I'm more of an enthusiastic user than a professional, enterprise-grade user.

@sthag
Copy link

sthag commented Aug 15, 2016

Thank you for your answer @WiegerS
So what I now like to know is, if this is considered a bug. Will this be fixed in one of the next versions?
Sadly this behaviour renders Nextcloud useless for me.

@rullzer
Copy link
Member

rullzer commented Sep 4, 2016

Well the behaviour is intentional. We have a lot of security meachanism in place of which a lot of them are even enabled on the public link page. (CC @LukasReschke)

Also using the download link is very suboptimal as on that we set headers that actually indicate to your browser to download the file.

I know this has come up before. And I'm still not sure how to do it properly. Another endpoint? And another button. UX wise this is all not easy.

@sthag
Copy link

sthag commented Nov 18, 2016

@rullzer Would it be of any help if I make some UI drafts for an integration of such a feature?

For me this would be a huge step forward in usability of nextcloud. I need to use these direct links, especially for images, quite often. As @WiegerS already stated usage within forums is one good example.
I'm already accustomed to use direct links from dropbox and owncloud for many things also.
Of course, I totally understand that this has to be done right.

I have two main usage scenarios in my mind right now:

  1. A single file which is shared via link afterwards has a button or field with url to copy for direct linking.
  2. A shared folder gives this feature to every contained file. I think in owncloud it was possible to copy the shared url and just change the file names for direct access to the files within a shared folder.

@aStonedPenguin
Copy link

I don't know why this is marked as an enhancement when in previous versions it was common practice to embed download links. This is a bug not an enhancement.

@mbommir1
Copy link

Facing the same issue in Chrome (keeps redirecting to the same location) but Firefox seems to load the images just fine.
@rullzer any advancements/updates planned on this issue?

@MorrisJobke
Copy link
Member

Duplicate of #2523

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants