Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Images not shown if not logged into the instance #971

Open
Tachi107 opened this issue Aug 14, 2020 · 0 comments
Open

Images not shown if not logged into the instance #971

Tachi107 opened this issue Aug 14, 2020 · 0 comments
Labels
bug Something isn't working

Comments

@Tachi107
Copy link

Tachi107 commented Aug 14, 2020
edited
Loading

Describe the bug
Posted pictures do not load.

To Reproduce
Steps to reproduce the behavior:

  1. Create a public post, attaching a picture
  2. Post it.

Expected behavior
The picture uploaded with the post should be publicly visible.

Actual behavior
The post is available in the fediverse, but only the text is shown. If on the social section of the Nextcloud instance of origin, a broken image icon is shown. If trying to navigate to the image URL, you get prompted to log into the instance. The image is only visible if logged in (with any account). Maybe a permissions problem? (See browser logs)

Screenshots
How the post appears on the fediverse: https://imgur.com/p4EzSxi.png
How the post appears on the Nextcloud instance of origin when not logged in: https://imgur.com/3BnFYkx.png
How the post appears on the Nextcloud instance of origin when logged in: https://imgur.com/ELFnjRR.png

Client details:

  • OS: Debian 11
  • Browser: Chromium 83
  • Device: Desktop
Server details **Social app version:** 0.3.1

Operating system:
Debian 10

Web server:
Nginx 18

Database:
PostgreSQL 12

PHP version:
PHP-FPM 7.3

Nextcloud version:
19

Logs

Nextcloud log (data/nextcloud.log)

No relevant logs :/

Browser log

(when going to the Nextcloud instance of origin without being logged in)

15974218013152811736:1 GET https://nextcloud.paoloap.ml/apps/social/document/get/resized?id=https://nextcloud.paoloap.ml/documents/local/f0d0eb9d-7566-4cbc-ab8c-91c8328412b6 401
15974218013152811736:1 GET https://nextcloud.paoloap.ml/avatar/tachi/32 404
social.js:190 GET https://nextcloud.paoloap.ml/apps/social/local/v1/post/replies?id=https://nextcloud.paoloap.ml/apps/social/@tachi/15974218013152811736&limit=5&since=1597430810 401
(anonymous) @ social.js:190
t.exports @ social.js:190
t.exports @ social.js:210
0.be8422e7b97e6802dd44.js:1 Failed to load more timeline entries Error: Request failed with status code 401
    at t.exports (social.js:190)
    at t.exports (social.js:210)
    at XMLHttpRequest.f.onreadystatechange (social.js:190)
(anonymous) @ 0.be8422e7b97e6802dd44.js:1

It really looks like Nextcloud is blocking the access to this images for security measures; it would be bad if everybody knowing just the URL of the picture could see it. Unfortunately, this breaks a lot of Social's functionalities. How could we grant access to this resources without compromising the security of the instance?
@Tachi107 Tachi107 added the bug Something isn't working label Aug 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Tachi107