Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-10345

Upload notification fails with proxy forwarder

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Minor
    • None
    • 5.4.3, 5.4.4
    • Old Core
    • CentOS release 5.8 (Final)
      tomcat 7.0.27
      nginx 1.4.6
    • Unknown
    • N/A
    • N/A

    Description

      Whenever I upload a file(XAR, attachment to a page,...) to Xwiki, an error is returned stating "An error occurred uploading ...".
      Firebug states the following:

      XMLHttpRequest cannot load http://host/wiki/subwiki/get/space/page?xpage=attachmentslist&forceTestRights=1. The request was redirected to 'https://host/wiki/subwiki/get/space/page?xpage=attachmentslist&forceTestRights=1', which is disallowed for cross-origin requests that require preflight. 
      

      When refreshing the page however, the file has been uploaded correctly.

      This issue is particularly annoying when adding images to a page.
      In this case, I get an error

      [blocked] The page at 'https:/host/wiki/subwiki/edit/Project/WebHome' was loaded over HTTPS, but ran insecure content from 'http://host/wiki/subwiki/attach/Project/WebHome': this content should also be loaded over HTTPS.
      

      I have the https protocol configured in xwiki.cfg :

      xwiki.url.protocol=https
      

      I am using NginX as a proxy forwarder with this configuration:

      upstream rs_80 {
        server localhost:8080;
        # Enter server hosts that NginX should load balance over. See examples commented out below:
        # server 127.0.0.1:18080;
      }
      
      server {
        listen    80;
        server_name   *.my_DNS;
        return 301 https://$host:443$request_uri;
      }
      
      server {
        error_log /var/log/nginx/xwiki.error.log debug;
        listen    443 ssl;
        server_name   *.my_DNS;
      
        ssl_certificate      /etc/nginx/ssl/sp.crt;
        ssl_certificate_key  /etc/nginx/ssl/sp.key;
      
        location / {
          # For CORS
      if ($request_method = 'OPTIONS') {
       
              add_header 'Access-Control-Allow-Origin' '$http_origin';
              add_header 'Access-Control-Allow-Credentials' 'true';
              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
              
              #
              # Custom headers and headers various browsers *should* be OK with but aren't
              #
       
              add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
              
              #
              # Tell client that this pre-flight info is valid for 20 days
              #
       
              add_header 'Access-Control-Max-Age' 1728000;
              add_header 'Content-Type' 'text/plain charset=UTF-8';
              add_header 'Content-Length' 0;
       
              return 204;
           }
       
           if ($request_method = 'POST') {
       
              add_header 'Access-Control-Allow-Origin' '$http_origin';
              add_header 'Access-Control-Allow-Credentials' 'true';
              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
              add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
       
           }
       
           if ($request_method = 'GET') {
       
              add_header 'Access-Control-Allow-Origin' '$http_origin';
              add_header 'Access-Control-Allow-Credentials' 'true';
              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
              add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
       
           }
          client_max_body_size 1100m;
        proxy_connect_timeout       600;
        proxy_send_timeout          600;
        proxy_read_timeout          600;
        send_timeout                600;
          proxy_pass                  http://rs_80;
          proxy_next_upstream         error timeout invalid_header http_500 http_502 http_503 http_504;
          proxy_redirect              off;
          proxy_set_header            X-Real-IP $remote_addr;
          proxy_set_header            Host $host;
          proxy_set_header            X-Forwarded-Host $host;
          proxy_set_header            X-Forwarded-Server $host;
          proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
      

      I've also introduced the CORS filter in my tomcat server with no success.

      Attachments

        1. refresh.jpg
          refresh.jpg
          26 kB
        2. image_attachment.jpg
          image_attachment.jpg
          21 kB
        3. error.jpg
          error.jpg
          141 kB

        Activity

          People

            vmassol Vincent Massol
            Kris Kristof
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: