Problem with previewer and signed url
Martin Schorcht
I have a problem with using previewers on our production dataverse (https @v6.4).
On our test environment (http @v6.4 ) they run without problems (at least if I ignore mixed content or using local hosted previewers).
The problem on our production dataverse is that i get a 401 response when the tool parameters are requested:
https://prod.url.de/api/v1/files/103/metadata/96/toolparams/4?until=2025-02-07T11:45:52.365&user=privilegedUser&method=GET&token=db1395680...
--> Status 401: {"status":"ERROR","message":"Bad signed URL"}
Here is what i have checked so far:
- The previous request with callback ( https://gdcc.github.io/dataverse-previewers/previewers/v1.4/TextPreview.html?callback=aHR0cH ...) is working, also the decoded value ( https://prod.url.de/api/v1/files... ) is correct.
- The files from github.io has been loaded and cors on our minio is enabled. Also i have testet local previewer without success, so cors is devinitv not the cause of the problem.
- if I remove the parameters (user, token, ..) from the toolparams request, I get an result (200) with signedUrls of the allowed api calls (without a token parameter). As long as I am logged in, they are also working (because of the sessionid, or?).
--> Therefore, I think that the token does not work with the given adress
What could be the cause of the 401 error on the productions environment?
To describe the circumstances, I will mention the similarities and differences between prod and test, which may be relevant:
Similarities:
- both use direct upload and indirect download (direct download = false) with minio, which also works so far with webuploader
Differences:
- prod runs on https and test runs on http
- one minio https instance for prod and one minio http instance for test
dataverse.fqdn = prod.old.url.de
dataverse.siteUrl = http://${dataverse.fqdn}:8080
changed to:
dataverse.fqdn = prod.url.de
dataverse.siteUrl = https://${dataverse.fqdn}
James Myers
Martin,
I’m not sure off-hand. The signed URLs work by checking a hash of the URL, so if there’s any difference between what’s signed and what’s received (things like http getting redirected to https, leaving out the /v1 when signing, etc.) the signature check will fail. Probably the easiest way to diagnose is to set FINE logging on the edu.harvard.iq.dataverse.util.UrlSignerUtil class. That should print out in the log what is being received so you can compare with the exact URL string that is being sent. Hopefully that will give you a clue about what is different in your prod environment.
-- Jim
--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
dataverse-commu...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/dataverse-community/347a9d8a-821e-49eb-a901-7b46cbf99d75n%40googlegroups.com.
Martin Schorcht
