Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug - Javascript error in customer TicketZoom #560

Open
afleury88 opened this issue Apr 30, 2024 · 10 comments
Open

Bug - Javascript error in customer TicketZoom #560

afleury88 opened this issue Apr 30, 2024 · 10 comments
Labels
4 - clarification The issue or pull requests needs more information.

Comments

@afleury88
Copy link

Environment

  • Server OS: Debian 11, Debian 12
  • Browser: Firefox
  • Znuny version: 7.0.17

Expected behavior

The customer user should be able to see the full article written by an agent.

Actual behavior

In place of the detailed article there is a javascript error (I put the sreenshots to better understanding)

How to reproduce

Steps to reproduce the behavior:

  1. Go to localhost/znuny/customer.pl
  2. Click on the first ticket
  3. See error

Additional information

Using the firefox console I saw an error about the Iframe, saying it is undefined (you can see that on the second screenshot).
I didn't touch these files, I only modified the Config.pm

I hope I gave enough informations. If not tell me and I will do my possible to give you the informations needed.

Thank you for your time :)

Screenshots

InkedCapture d’écran du 2024-04-30 14-10-35_LI

Capture d’écran du 2024-04-30 15-41-01
@rkaldung
Copy link
Member

rkaldung commented May 2, 2024

@afleury88 I can reproduce the error in the JavaScript console. I'm wondering about the login screen in the iframe. Is there anything non-default with the Znuny installation or the browser?

@rkaldung rkaldung added the 4 - clarification The issue or pull requests needs more information. label May 2, 2024
@afleury88
Copy link
Author

Hello,
No, everything is default except for the logo ^^ We tried also with chromium and there is the same issue.
For the record, I rolled back to Znuny 6.5 LTS (because we need the customer interface) and it works just fine.
But I must mention there is a WAF working as a reverse proxy in front of the web app.
Thank you for your help :)

@rkaldung
Copy link
Member

rkaldung commented May 2, 2024

@afleury88 Any change to bypass the WAF to see if this might causing the issue?

@afleury88
Copy link
Author

afleury88 commented May 2, 2024
edited

@rkaldung I just tried without passing through the WAF (direct between my computer and the web server) and there is the same issue.
So the WAF is not in cause ^^

@iali9906
Copy link

iali9906 commented May 3, 2024

hi @afleury88
it had happened to me too, after contacting the developers on discord it turned out that it is not bug, but wrong conf:

your FQDN and your HTTPType don't match/match the called ones.
Then the cookie cannot be set and the Session URL is used, which is just a bad fallback.
One of the two does not match the real world
httptype or fqdn
if you connect via https, then https should also be the httptype

see SysConfig -> HttpType and SysConfig -> FQDN

@afleury88
Copy link
Author

hello @iali9906
Thanks for your help but unfortunately this isn't the problem.

The httptype was already set to https and after correcting the fqdn it didn't change anything about my issue :/

@afleury88
Copy link
Author

Hello everyone,

I just found what was the "config setting" which was getting me in trouble.
It was the SessionUseCookie when activated. When I deactivated it there was no issue anymore.
BUT by doing this the cookie of the session is now visible in the URL, which is a HUGE problem in terms of security.

PS : my web server is configured to prevent those things but it seems that ZNUNY is not willing to let it be.

Any idea how I could correct this ?

Thanks for your help :)

@mo-azfar
Copy link

mo-azfar commented May 6, 2024
edited

Hello everyone,

I just found what was the "config setting" which was getting me in trouble. It was the SessionUseCookie when activated. When I deactivated it there was no issue anymore. BUT by doing this the cookie of the session is now visible in the URL, which is a HUGE problem in terms of security.

PS : my web server is configured to prevent those things but it seems that ZNUNY is not willing to let it be.

Any idea how I could correct this ?

Thanks for your help :)

For the SessionCookie,

Did you changed the ScriptAlias value? If you changed that, make sure also change it at $HOME/scripts/apache2-httpd.include.conf (with the expectation you already symlink it to apache config as well)

@afleury88
Copy link
Author

Hello @mo-azfar,

Actually I changed the ScriptAlias value at $HOME/scripts/apache2-httpd.include.conf and everywhere else except in the SysConfig GUI.
So when I did that everything was back to normal.

Thanks everyone for your time and your help.

@mo-azfar
Copy link

mo-azfar commented May 6, 2024

Hello @mo-azfar,

Actually I changed the ScriptAlias value at $HOME/scripts/apache2-httpd.include.conf and everywhere else except in the SysConfig GUI.
So when I did that everything was back to normal.

Thanks everyone for your time and your help.

Glad to hear that. However i would not close the issue yet as the JS error still there in console log event though didn't impact customer user experience (at least)

@afleury88 afleury88 reopened this May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
4 - clarification The issue or pull requests needs more information.
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rkaldung @afleury88 @mo-azfar @iali9906