Announcement

#1 2022-02-14 21:10:32

Sharky
Member
2022-02-01
2

community plugin - upload photo: wrong XMLHttpRequest endpoint: http

Hello

* My config should force everyone to use https connections. However while using the user upload photo from the community plugin I got a wrong XMLHttpRequest endpoint call to http instead of https.
(login user, menu upload photo, select one photo, push "start upload". Nothing happens due to error)

* I use a debian linux system with nginx proxy which terminates ssl and redirect to my piwigo docker (12.2 version). The link between my nginx frontend and my docker-piwogo backend is http, port 8085:80.

* Error stack:

Code:

l9b5xp.js:94 Mixed Content: The page at 'https://foto-acc.creaski.eu/index.php?/add_photos' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://foto-acc.creaski.eu/ws.php?method=pwg.images.upload&format=json'. This request has been blocked; the content must be served over HTTPS.
send @ l9b5xp.js:94
index.php:1 Uncaught SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Function.m.parseJSON (l9b5xp.js:8:15998)
    at o.Uploader.Error (index.php:680:40)
    at o.Uploader.<anonymous> (l9b5xp.js:108:14560)
    at Array.<anonymous> (l9b5xp.js:93:20062)
    at i (l9b5xp.js:93:3482)
    at l9b5xp.js:93:3505
    at Array.<anonymous> (l9b5xp.js:93:20055)
    at i (l9b5xp.js:93:3482)
    at l9b5xp.js:93:3505
index.php?/add_photos:694 Uncaught TypeError: Cannot read properties of null (reading 'label')
    at o.Uploader.UploadComplete (index.php:694:112)
    at o.Uploader.<anonymous> (l9b5xp.js:108:14560)
    at Array.<anonymous> (l9b5xp.js:93:20062)
    at i (l9b5xp.js:93:3482)
    at Object.r [as inSeries] (l9b5xp.js:93:3589)
    at o.Uploader.dispatchEvent (l9b5xp.js:93:20101)
    at o.Uploader.trigger (l9b5xp.js:93:20386)
    at o.Uploader.g (l9b5xp.js:108:3868)
    at l9b5xp.js:108:11385

* Piwigo URL: https://foto-acc.creaski.eu/

* I'm not sure I should look for an piwigo config error or a nginx frontend error. Any help welkom.

* my nginx frontend config (part of it):

Code:

############################################################
## http config
server {
        listen 80;
        listen [::]:80;
        server_name   creaski.eu *.creaski.eu;

        error_log /var/www/creaski.eu/logs/error.log error;
        access_log /var/www/creaski.eu/logs/access.log combined;

        #redirect http to https except for localhost using 301 redirect

        if ($remote_addr !~ "^127\.0\.0\.1$"){
                return 301 https://$host$request_uri;
        }
}
######################################################################
######################################################################
## foto-acc.creaski.eu
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name foto-acc.creaski.eu;
        root /var/www/piwigo;

index index.html index.htm index.php;

        error_log /var/www/creaski.eu/logs/piwigo-acc_error.log error;
        access_log /var/www/creaski.eu/logs/piwigo-acc_access.log combined;
        ssl_certificate /root/.ssh/LE4096/0007_chain.pem;
        ssl_certificate_key /root/.ssh/LE4096/www.creaski.eu_privkey.pem;

############# begin ssl defaults
# JVD
  
  add_header X-Frame-Options sameorigin;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";

# Set Headers
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
##proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Proxy ""; # Mitigate httpoxy attack

# Send the HTTP Strict-Transport-Security header (HSTS) to the Client
##add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

# HTTP 1.1 support
proxy_http_version 1.1;

# Disable buffering of responses from the proxied server.
proxy_buffering off;

# Parameters for SSL/TLS configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# Ciphers should be same as the ciphers on Middleware Server configuration_{instance}.xml file
ssl_ciphers  TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:CM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-R>

# Disable the verification of the proxied HTTPS server certificate (eg: MWS certificate).
# Note: this might violate the corporate securtiy policy of the customer.
proxy_ssl_verify off;
# Set the timeouts depending on the usage of the IFS Applications.
# The values should be correlated with the timeouts in the Middleware Server configuration_{instance}.xml file
proxy_connect_timeout      60s;
proxy_send_timeout         600s;
proxy_read_timeout         600s;
send_timeout               600s;
proxy_next_upstream timeout error;

# Set the maximum allowed size of the client request body.
# This should be set depending on the requests to the IFS Applications (eg: document upload or integrations body size) - original 50m
client_max_body_size 350m; #vergroot om upload/download mogelijk te maken

############# end ssl defaults

  location / {
      proxy_pass http://127.0.0.1:8085;
        }

location /phpmyadmin {
     #  location ~ \/phpmyadmin {
      rewrite ^/phpmyadmin(/.*)$ $1 break;
      proxy_pass http://127.0.0.1:8185;
      client_max_body_size 128;
        }

}# end server foto-acc
######################################################################

Offline

 

#2 2022-02-23 21:18:15

Sharky
Member
2022-02-01
2

Re: community plugin - upload photo: wrong XMLHttpRequest endpoint: http

Hi

After investigating further, it seems this issue breaks down to "piwigo after a rproxy handling ssl offload". Piwigo struggles with the subject sinds 2012! As the rproxy is talking http to the backend, piwigo generates url with http and this should be https.

for a nice explaination: [Github] Piwigo issue #1183

See [Github] Piwigo issue #982 for further investigation. This results in a pull request to solve this (See https://github.com/Piwigo/Piwigo/pull/1274)

There are several sollutions, depending on your needs. I choose this hack:

"The fix I did for my instance is to modify gallery/include/functions_url.inc.php
line 48 http should be change to https, because of reverse proxy external protocol being HTTPS."

Kind regards

Johan

Offline

 

#3 2022-04-04 03:12:20

tjk
Member
2022-03-23
7

Re: community plugin - upload photo: wrong XMLHttpRequest endpoint: http

Hello Sharky!

I just hit the same problem. Was trying to test the Android Piwigo NG app. It wouldn't load any images. Turns out it issues http requests for those. I am running HAProxy which does SSL termination, so the php app only sees http requests. I applied your line 48 hack, and the NG app works just fine now. Thank you for that.

tjk :)

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact