Weird File Upload Error

[Michael Rowe]

I've got file uploads working everywhere except the Add Files link in the Files module of a course.

I can add files through the rich content editor, uploading a zip file, and using the drag-drop method in Chrome and Firefox. I am using a fresh Canvas install as of (3/8/12) on Ubuntu 11.10.

When I click the Add Files link it does prompt me to select a file, but once I select it I get 2 different errors depending on the browser.

Chrome/Firefox

I get an immediate error in the File Uploads Queue popup: Failed uploading: Error #2038

I do not get any error report in canvas' logs.

Internet Explorer

It starts the upload in the File Uploads Queue popup, but part way through I get: Failed uploading: 422

I also get the following error in the canvas error report:

ActionController::InvalidAuthenticityToken

category: default
2012-03-08 14:06:46 -0700
https://***myurl***/courses/1/files.text

PATH_INFO: /courses/1/files.text 
REMOTE_ADDR: xx.xx.xx.xx 
QUERY_STRING: 
SERVER_PORT: 443 
HTTP_COOKIE: ui-tabs-1=2; _normandy_session=8772f4edcfdd5cd1454bf4b2754335de 
HTTP_HOST:  ***myurl***  
exception_message: ActionController::InvalidAuthenticityToken 
SERVER_PROTOCOL: HTTP/1.1 
format: text/plain 
HTTP_USER_AGENT: Shockwave Flash 
REQUEST_METHOD: POST 
SERVER_NAME:  ***myurl***  
action_controller.request.path_parameters: controllerfilesformattextcourse_id1actioncreate 
REQUEST_URI: /courses/1/files.text 
HTTP_ACCEPT: text/* 

/var/rails/canvas/app/controllers/application_controller.rb:841:in `verify_authenticity_token'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:178:in `send'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:178:in `evaluate_method'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:166:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:225:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:629:in `run_before_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:615:in `call_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:638:in `run_before_filters'
/var/rails/canvas/app/controllers/application_controller.rb:100:in `set_locale'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:178:in `send'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:178:in `evaluate_method'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:186:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:635:in `run_before_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:615:in `call_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:638:in `run_before_filters'
/var/rails/canvas/lib/authentication_methods.rb:48:in `load_pseudonym_from_policy'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:178:in `send'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/callbacks.rb:178:in `evaluate_method'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:186:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:635:in `run_before_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:615:in `call_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:610:in `perform_action_without_benchmark'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/core_ext/benchmark.rb:17:in `ms'
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
/var/lib/gems/1.8/gems/activesupport-2.3.14/lib/active_support/core_ext/benchmark.rb:17:in `ms'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/rescue.rb:160:in `perform_action_without_flash'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/flash.rb:151:in `perform_action'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/base.rb:532:in `send'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/base.rb:532:in `process_without_filters'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/filters.rb:606:in `process_without_compass'
/var/lib/gems/1.8/gems/compass-0.11.5/lib/compass/app_integration/rails/actionpack2/action_controller.rb:7:in `process'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/base.rb:391:in `process'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/base.rb:386:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/routing/route_set.rb:438:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/dispatcher.rb:87:in `dispatch'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/dispatcher.rb:121:in `_call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/dispatcher.rb:130:in `build_middleware_stack'
/var/lib/gems/1.8/gems/sass-3.1.15/rails/../lib/sass/plugin/rack.rb:54:in `call'
/var/lib/gems/1.8/gems/sass-3.1.15/rails/../lib/sass/plugin/rack.rb:54:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/string_coercion.rb:25:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/head.rb:9:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/methodoverride.rb:24:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/params_parser.rb:15:in `call'
/var/rails/canvas/vendor/plugins/respondus_soap_endpoint/lib/respondus_api_middleware.rb:60:in `call'
/var/rails/canvas/lib/request_context_generator.rb:35:in `call'
/var/rails/canvas/app/middleware/prevent_non_multipart_parse.rb:32:in `call'
/var/rails/canvas/app/middleware/load_account.rb:11:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/session/abstract_store.rb:177:in `call'
/var/lib/gems/1.8/gems/activerecord-2.3.14/lib/active_record/query_cache.rb:29:in `call'
/var/lib/gems/1.8/gems/activerecord-2.3.14/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache'
/var/lib/gems/1.8/gems/activerecord-2.3.14/lib/active_record/query_cache.rb:9:in `cache'
/var/lib/gems/1.8/gems/activerecord-2.3.14/lib/active_record/query_cache.rb:28:in `call'
/var/lib/gems/1.8/gems/activerecord-2.3.14/lib/active_record/connection_adapters/abstract/connection_pool.rb:361:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/failsafe.rb:26:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/lock.rb:11:in `call'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/lock.rb:11:in `synchronize'
/var/lib/gems/1.8/gems/rack-1.1.3/lib/rack/lock.rb:11:in `call'
/var/lib/gems/1.8/gems/actionpack-2.3.14/lib/action_controller/dispatcher.rb:106:in `call'
/usr/lib/ruby/1.8/phusion_passenger/rack/request_handler.rb:96:in `process_request'
/usr/lib/ruby/1.8/phusion_passenger/abstract_request_handler.rb:513:in `accept_and_process_next_request'
/usr/lib/ruby/1.8/phusion_passenger/abstract_request_handler.rb:274:in `main_loop'
/usr/lib/ruby/1.8/phusion_passenger/rack/application_spawner.rb:206:in `start_request_handler'
/usr/lib/ruby/1.8/phusion_passenger/rack/application_spawner.rb:171:in `send'
/usr/lib/ruby/1.8/phusion_passenger/rack/application_spawner.rb:171:in `handle_spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/utils.rb:479:in `safe_fork'
/usr/lib/ruby/1.8/phusion_passenger/rack/application_spawner.rb:166:in `handle_spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:357:in `__send__'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:357:in `server_main_loop'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:206:in `start_synchronously'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:180:in `start'
/usr/lib/ruby/1.8/phusion_passenger/rack/application_spawner.rb:129:in `start'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:253:in `spawn_rack_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:132:in `lookup_or_add'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:246:in `spawn_rack_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:82:in `synchronize'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:244:in `spawn_rack_application'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:137:in `spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:275:in `handle_spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:357:in `__send__'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:357:in `server_main_loop'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:206:in `start_synchronously'
/usr/share/phusion-passenger/helper-scripts/passenger-spawn-server:99

[Roman Visintine]

Looks like a crossdomain.xml issue. Are you using S3 for file storage?

--Roman

[Michael Rowe]

No, the files are stored locally on the same server.

[shyam]

Hi,
same problem with me also but in my case im getting this error.

NoMethodError (private method `cp' called for File:Class):
  app/controllers/files_controller.rb:495
  app/controllers/files_controller.rb:479:in `create'
  app/controllers/application_controller.rb:57:in `set_locale'
  lib/authentication_methods.rb:48:in `load_pseudonym_from_policy'
  compass (0.11.5) lib/compass/app_integration/rails/actionpack2/action_controller.rb:7:in `process'
  sass (3.1.12) rails/./lib/sass/plugin/rack.rb:54:in `call'
  sass (3.1.12) rails/./lib/sass/plugin/rack.rb:54:in `call'
  lib/request_context_generator.rb:35:in `call'
  app/middleware/prevent_non_multipart_parse.rb:32:in `call'
  app/middleware/load_account.rb:11:in `call'
  passenger (3.0.11) lib/phusion_passenger/rack/request_handler.rb:96:in `process_request'
  passenger (3.0.11) lib/phusion_passenger/abstract_request_handler.rb:513:in `accept_and_process_next_request'
  passenger (3.0.11) lib/phusion_passenger/abstract_request_handler.rb:274:in `main_loop'
  passenger (3.0.11) lib/phusion_passenger/rack/application_spawner.rb:206:in `start_request_handler'
  passenger (3.0.11) lib/phusion_passenger/rack/application_spawner.rb:171:in `send'
  passenger (3.0.11) lib/phusion_passenger/rack/application_spawner.rb:171:in `handle_spawn_application'
  passenger (3.0.11) lib/phusion_passenger/utils.rb:479:in `safe_fork'
  passenger (3.0.11) lib/phusion_passenger/rack/application_spawner.rb:166:in `handle_spawn_application'
  passenger (3.0.11) lib/phusion_passenger/abstract_server.rb:357:in `__send__'
  passenger (3.0.11) lib/phusion_passenger/abstract_server.rb:357:in `server_main_loop'
  passenger (3.0.11) lib/phusion_passenger/abstract_server.rb:206:in `start_synchronously'
  passenger (3.0.11) lib/phusion_passenger/abstract_server.rb:180:in `start'
  passenger (3.0.11) lib/phusion_passenger/rack/application_spawner.rb:129:in `start'
  passenger (3.0.11) lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rack_application'
  passenger (3.0.11) lib/phusion_passenger/abstract_server_collection.rb:132:in `lookup_or_add'
  passenger (3.0.11) lib/phusion_passenger/spawn_manager.rb:246:in `spawn_rack_application'
  passenger (3.0.11) lib/phusion_passenger/abstract_server_collection.rb:82:in `synchronize'
  passenger (3.0.11) lib/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
  passenger (3.0.11) lib/phusion_passenger/spawn_manager.rb:244:in `spawn_rack_application'
  passenger (3.0.11) lib/phusion_passenger/spawn_manager.rb:137:in `spawn_application'
  passenger (3.0.11) lib/phusion_passenger/spawn_manager.rb:275:in `handle_spawn_application'
  passenger (3.0.11) lib/phusion_passenger/abstract_server.rb:357:in `__send__'

--

Thanks and regards,
-Shyam
+91-86884-68400

[Michael Rowe]

After some more digging and testing I figured out the issue. Basically, the Flash based uploader that is used by the "Add Files" link did not like the self-signed certificate from my web server. Even though I told my browser to continue when I got the certificate warning, Flash still uses its own security settings. This is why the other non-flash upload methods worked and not the flash method.

Obviously the best solution is to get an SSL certificate signed by a CA, but while I'm still in development I just added my self-signed certificate to my computer's Trusted Root Certificate Authority. I followed the instructions here:  http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-internet-explorer-8-to-accept-a-self-signed-certific 

[Trương Hoàng Dũng]

I've met this issue when using firefox to upload files.
I'm using a symlink to a Mount NAS device to store files.
I guess this is an issue due to folder permission .
Does anyone know how to fix this ?

[Varghese VS]

Hi,

 

But for my site, i am having a valid SSL certificate issued by DigiCert.

But i faces the file upload  issue.

 

 

--

Varghese

[Ron Santos]

Hi Varghese,

Does the drag and drop method work (i.e. non flash file uploader)? If so, then you may want to implement this workaround which we have implemented on our local instance - https://github.com/sfu/canvas-lms/commit/8cea2d0fe154cb86c23971e98d3ac4c3dfaf6a2b

Ron Santos
Senior Systems Engineer
Institutional, Collaborative, and Academic Technologies (ICAT)
IT Services
Simon Fraser University www.sfu.ca


----- Original Message -----

--

[Varghese]

Hi Ron,

Yea, i got this work around from the canvas google group and that did the magic for me....:-)

And now the file upload is working...

Thanks for the reply...

--
Varghese

[Clayton Morrow]

Ron, thanks for posting this, it was very helpful for a novice like myself!

[Lydia Mikisa]

Iam struggling with file upload error on Canvas, can i please get some help. using Canvas for the first time 

Thanks

Lydia

[Steve Hillman]

Hi Lydia,

  As others have mentioned before, this is a bug introduced by the Flash browser plugin used for the File Upload functionality. Chrome has had this bug for a few months at least, and now apparently IE has it as well (most likely due to a recent Flash upgrade). Ruby on Rails has a built-in mechanism to protect form submissions which involves embedding a random string in the form (the "authenticity token" referred to in the error below). The Flash plugin is not preserving that string when it "submits" the form to upload the file. There's a workaround which basically involves modifying one file in Canvas to not do the security check during file upload. The modification is a simple one-line change to one file and can be seen visually here:

https://github.com/sfu/canvas-lms/commit/8cea2d0fe154cb86c23971e98d3ac4c3dfaf6a2b

Note that this change is not part of Instructure's core code, so anytime you update your code from Instructure you will need to reapply this patch

Hope that helps.

---

--
 
---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--

Steve Hillman        IT Architect
hil...@sfu.ca       Institutional, Collaborative, & Academic Technologies (ICAT)
778-782-3960         Simon Fraser University

[bkc1...@gmail.com]

Hi Steve,

I tried to apply your fix but it hasn't had any effect. I am able to use the drag and drop upload in the files page, as well as the upload feature in the "create page" section. I get an IO error when using the file upload in the files section, which I find quite baffling as the other two methods work fine. Any suggestions?

[Steve Hillman]

Have you checked your Canvas log (production.log) to see what error was reported? If you can't find the entry that corresponds with the error, do a "tail -f production.log" and then go recreate the error. It should be the last thing on the log screen then.

That said, if you're still getting the "invalid authenticity token" in the error report, then that's still the problem. If you're sure you applied the code right, did you restart Canvas on all nodes?

---

[mega...@gmail.com]

Hi Steve, Ron and others,

I have changed the files_controller.rb and uploaded a crossdomain.xml to my S3 bucket with this content:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="sub.domain.com"/>
</cross-domain-policy>

Still, I get the error "Failed uploading: Security Error". No sign of "invalid authenticity token" in my production.log or any other error.


Op woensdag 10 april 2013 13:38:06 UTC+2 schreef Steve Hillman het volgende:

[Cody Cutrer]

You need to make sure your crossdomain.xml is publicly accessible, like http://instructure-uploads.s3.amazonaws.com/crossdomain.xml is. Also, in the next release, no modifications to files_controller are necessary (https://github.com/instructure/canvas-lms/commit/f0a0ec67415271f31e1c502589ef875fc91fbe42 fixed it).

Cody Cutrer

Software Engineer

Instructure

[jos...@gmail.com]

I actually have the same error as DL. I am using a wildcard in my domain list since I am using www subdomain as well. And yes my crossdomain file is public.

[DL]

Made my day! Had to fix the permission from within my S3 console.

Op vrijdag 21 juni 2013 16:38:47 UTC+2 schreef Cody Cutrer het volgende: