Skip to content

fix(dav): ajax request check on public remote endpoints #42853

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
skjnldsv merged 1 commit into from
Jan 17, 2024
Merged

fix(dav): ajax request check on public remote endpoints #42853

skjnldsv merged 1 commit into from
Jan 17, 2024

Conversation

@skjnldsv
Copy link
Member

@skjnldsv skjnldsv commented Jan 16, 2024

Fix #42200

Context

The original legacy (8+ years) check used to search for an exact header match

But after #39924 (I think) the check went wrong and we ended up with this
image

@skjnldsv skjnldsv added this to the Nextcloud 29 milestone Jan 16, 2024
@skjnldsv skjnldsv requested review from a team and juliusknorr January 16, 2024 16:46
@skjnldsv skjnldsv self-assigned this Jan 16, 2024
@skjnldsv skjnldsv requested review from ArtificialOwl, nfebe and sorbaugh and removed request for a team January 16, 2024 16:46
@skjnldsv skjnldsv mentioned this pull request Jan 16, 2024
Closed
8 tasks
@skjnldsv skjnldsv requested a review from come-nc January 16, 2024 16:47
@skjnldsv
Copy link
Member Author

skjnldsv commented Jan 16, 2024

/skjnldsv-backport to stable28

@skjnldsv skjnldsv added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jan 16, 2024
Altahrim
Altahrim approved these changes Jan 16, 2024
View reviewed changes
@blizzz blizzz mentioned this pull request Jan 16, 2024
Merged
susnux
susnux previously requested changes Jan 16, 2024
View reviewed changes
@skjnldsv skjnldsv force-pushed the fix/ajax-check-public-remote branch from 7a93dc8 to f0648d0 Compare January 17, 2024 06:37
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 17, 2024
View reviewed changes
@skjnldsv skjnldsv force-pushed the fix/ajax-check-public-remote branch from f0648d0 to a558c30 Compare January 17, 2024 06:44
@skjnldsv skjnldsv force-pushed the fix/ajax-check-public-remote branch from a558c30 to 20a0b9c Compare January 17, 2024 08:05
@skjnldsv
Copy link
Member Author

skjnldsv commented Jan 17, 2024

Was failing because master was broken with An exception occurred while executing a query: SQLSTATE[HY000]: General error: 1 table oc_appconfig has no column named lazy.
Rebased and cypress works now

@skjnldsv skjnldsv merged commit 2ac6336 into master Jan 17, 2024
@skjnldsv skjnldsv deleted the fix/ajax-check-public-remote branch January 17, 2024 09:40
@backportbot

This comment was marked as resolved.

Sign in to view
@skjnldsv

This comment was marked as resolved.

Sign in to view
@skjnldsv

This comment was marked as resolved.

Sign in to view
2 similar comments
@skjnldsv

This comment was marked as resolved.

Sign in to view
@skjnldsv

This comment was marked as resolved.

Sign in to view
@backportbot

This comment was marked as resolved.

Sign in to view
@skjnldsv skjnldsv mentioned this pull request Jan 17, 2024
Merged
@skjnldsv
Copy link
Member Author

skjnldsv commented Jan 17, 2024

#42882

@AsamK AsamK mentioned this pull request Feb 3, 2024
Closed
8 tasks
@michnovka
Copy link

michnovka commented Feb 9, 2024

This fix did not solve everything. I cannot see image previews on public share links (my.cloud/s/XXXXXX), and I see that PROPFIND request to public.php/webdav/ gives the 401 error. Using the workaround mentioned in the original issue - #42200 (comment) fixes this problem

@susnux
Copy link
Contributor

susnux commented Feb 9, 2024

@michnovka are you sure your Webserver correctly forwards all headers to PHP?
Especially X_REQUESTED_WITH

@michnovka
Copy link

michnovka commented Feb 9, 2024

I am using the nginx config from https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html (checked after update to 28.0.2 and it is identical to this one)

@michnovka
Copy link

michnovka commented Feb 9, 2024

@susnux I confirmed with adding var_dump($_SERVER) to public.php, and yes, all headers are passed. However, the X_REQUESTED_WITH header is not sent by JS request. See below request copied as CURL:

curl 'https://my.cloud/public.php/webdav/' --compressed -X PROPFIND -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0' -H 'Accept: text/plain,application/xml' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: text/plain;charset=UTF-8' -H 'Content-Length: 608' -H 'Depth: 0' -H 'Origin: https://my.cloud' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-origin' -H 'Authorization: Basic TlFQc2lGRnFzQW15eTZTOg==' -H 'Connection: keep-alive' -H 'Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=Tx3WTgJgIEIh0tkzXDMS3SvKZh3uiHenQaheDpb7%2BlDniZLexVDwYR%2F3OBmPBylRMyqnVxioHvVoPE8tTEKMLeUgZcO%2FUw%2Fp6rLLKJIm8hBle%2F2rKCmkn4FGi%2Fegt%2B%2Bj; ochoj4cc0e60=leb2vdq41oc2dr24i8pgvi5puf; nc_username=tomas; nc_token=JQl6MEydCWbUlt43KO%2B0UyEeFb%2BCGFnl; nc_session_id=leb2vdq41oc2dr24i8pgvi5puf' -H 'TE: trailers'

@blizzz blizzz mentioned this pull request Mar 5, 2024
Merged
@kesselb
Copy link
Contributor

kesselb commented Apr 17, 2024

/backport to stable24

#39924 was manually backported to 24, and therefore we need this change for 24 too.

@backportbot
Copy link

backportbot bot commented Apr 17, 2024

The backport to stable24 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable24
git pull origin stable24

# Create the new backport branch
git checkout -b backport/42853/stable24

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 20a0b9cb

# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/42853/stable24

Error: No changes found in backport branch

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

@kesselb kesselb mentioned this pull request Apr 17, 2024
Merged
6 tasks
@kesselb
Copy link
Contributor

kesselb commented Apr 17, 2024
edited
Loading

Manual backport for 24: #44895

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@Altahrim Altahrim Altahrim approved these changes

@artonge artonge artonge approved these changes

@come-nc come-nc come-nc approved these changes

@susnux susnux susnux left review comments

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@nfebe nfebe Awaiting requested review from nfebe nfebe is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

Assignees

@skjnldsv skjnldsv

Labels

4. to release Ready to be released and/or waiting for tests to finish 28-feedback bug feature: dav regression

Projects

None yet

Milestone

Nextcloud 29

Development

Successfully merging this pull request may close these issues.

Public shared links refreshing continuously since v28 upgrade

9 participants

@skjnldsv @michnovka @susnux @kesselb @AndyScherzinger @Altahrim @artonge @come-nc