Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP Upload: Token mismatch because of missing mime-type #90

Closed
cweiske opened this issue May 2, 2021 · 4 comments
Closed

HTTP Upload: Token mismatch because of missing mime-type #90

cweiske opened this issue May 2, 2021 · 4 comments

Comments

@cweiske
Copy link

cweiske commented May 2, 2021

When uploading a file via HTTP upload to my prosody xmpp server, I get an error:

Upload error
Error transferring
https://xmpp-files.cweiske.de/share_v2.php/c36a3cba-5ae7-4e3b-80f3-11ccab196540/404-Dead_Link.jpg?v2=somehashbar

  • server replied: Forbidden; HTTP code 403, message: Forbidden

In my server's error logs, I see

PHP message: Token mismatch: calculated somehashfoo got somehashbar

I am using prosody's https://modules.prosody.im/mod_http_upload_external.html with share_v2.php.

The reason for the problem is that psi's http upload plugin does not send the Content-Type in the HTTP PUT request. This means that the server-side share_v2.php script falls back to using "application/octet-stream" as mime type, and calculates the wrong signature.

Psi's upload plugin already sends the correct mime type to the XMPP server to get the upload URL:

<iq from='foo@cweiske.de' id='ab51a' to='meet.cweiske.de' type='get'>
  <request xmlns='urn:xmpp:http:upload'>
    <filename>404-Dead_Link.jpg</filename>
    <size>19537</size>
    <content-type>image/jpeg</content-type>
  </request>
</iq>
<iq to="foo@cweiske.de/laptop" id="ab51a" from="meet.cweiske.de" type="result">
  <slot xmlns="urn:xmpp:http:upload">
    <get>https://xmpp-files.cweiske.de/share_v2.php/c36a3cba-5ae7-4e3b-80f3-11ccab196540/404-Dead_Link.jpg</get>
    <put>https://xmpp-files.cweiske.de/share_v2.php/c36a3cba-5ae7-4e3b-80f3-11ccab196540/404-Dead_Link.jpg?v2=somehashbar</put>
  </slot>
</iq>

It just fails to submit it via the actual upload.

Versions:

  • Psi+ v1.4.554 (2021-01-26, Psi:94590587, Psi+:7d675e3) (Debian Bullseye (testing))
  • http upload plugin 0.1.0 (that's what the plugin list says), package psi-plus-plugins 1.4.554-5
@Ri0n
Copy link
Member

Ri0n commented May 2, 2021
edited
Loading

"application/octet-stream" looks fine to me.
Well I can put it explicitly to the headers. Not sure if it helps.

@cweiske
Copy link
Author

cweiske commented May 2, 2021

But then the XMPP request must include the same mime type. Currently it's sending <content-type>image/jpeg</content-type>.

@Ri0n
Copy link
Member

Ri0n commented May 2, 2021

oh I see. Let me reread the xep

@cweiske
Copy link
Author

cweiske commented May 2, 2021

https://xmpp.org/extensions/xep-0363.html#upload

The service SHOULD reject the file if the Content-Type has been specified beforehand and does not match.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Ri0n @cweiske