Hi all,
I am facing this problem for few months any URL images from profile image to blog_tools image anything that goes in to serve-file url i am getting a 403 forbidden error i don't know why i am getting this error.. bcz of this any blog image or profile, group image is not getting rendered in social network site..
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
If you go to the url in your browser what message do you get. There are some 403 errors possible in 'serve-file'
PS: which Elgg version
If i go to the respective URL i am not getting any error but when i try to fetch those URL using social network site i get a 403 error ..
https://www.connectgalaxy.com/serve-file/e0/l1379822555/di/c1/-eP50G4oCdVGrPX75T-bWE41taoNztkz3cem0uabgek/1/41/groups/3179large.jpg
Elgg Version: 2.3.14
I see on your example url you get the error "HMAC mismatch" which means the token in the url (everything after /c1/ until /1/41/..) doesn't match all the information provided with the request.
Eighter the url is manipulated (unlikely) or the cookie isn't send with the request. This can happen if you have a caching server (for example Varnish) before your webserver and it drops the cookie in the request.
So the cookie gets send by your browser to the caching server, that drops the cookie from the request and sends the rest to the webserver. Then you can get this error.
I only have one server may be this is done by the opcache extension ?? If i disable the opcache may be this problem can get solved ..
No Opcache has nothing to do with this issue.
I think it has something to do with the cookie.
Here is the part of the code that fails https://github.com/Elgg/Elgg/blob/b1c600be4ec07d5a98bcaf5892fb5b810181a669/engine/classes/Elgg/Application/ServeFileHandler.php#L66-L81
Maybe if you understand PHP you can troubleshoot where it goes wrong
I checked my server time it's correct.. i don't know what to do is there some troubleshoot instruction for this so that i will follow those procedure to fix it .. Else tell me how to disable the cookie part..
Do you still have the error (with profile images and group images at least) when disabling all 3rd party plugins temporarily (blog image with blog_tools would then also not work during testing)? I wonder if some 3rd party plugins (maybe when not having the latest or a compatible version installed) causes the problem.
It seems you might have got it working not though (at least it seems so for me). Have you changed anything? If not - and it still fails for you - have you tried with a different browser yet (or at least with a browser with browser addons disabled)?
Thank for you time @iionly & @Jerome .. I tried deactivating all the third party plugin one by one i was able to find the odd plugin that was causing the problem for Image.. Now the social network's are able to take the image of Profile, groups, files & ckeditor extended .. But blog tools image is still not able to pick by the social media .. I tried disabling all the 3rd party plugin & only activating blog tools alone but still the same ..
Does anyone know how to fix this in any other way ... Only Blog tools image is giving problem ..
- Previous
- 1
- 2
- 3
- 4
- Next
You must log in to post replies.