Unable to create new user in web UI


Alan Bailward

Jul 22, 2020, 3:37:57 AM
to AtoM Users
Fresh install of atom 2.6 on a ubuntu box, up and going just post install, but it wouldn't let me create a user through the install wizard.  I created a user from the symfony command line and logged in, but when I try to create a new user the top of the form isn't rendered properly. 


There's nowhere to put in a username, password, etc.  The only options are to set the user type (admin, editor, etc) and translation languages, but nothing else.

I've done a symfony tools:purge in case some weird data got in somehow in the fresh install, but this is literally a fresh install, new folder, new mysql 8, elastic search, etc install.  I'm guessing this isn't right, but I have no idea what would have been done to give errors like this.

Same result after the tools:purge.

This is what I see:


If I look at the javascript log I see this:

[Error] Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' appears in neither the style-src directive nor the default-src directive of the Content Security Policy. (add, line 23, x4)
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (add, line 44)
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (add, line 61)
[Error] Refused to load https://www.gravatar.com/avatar/5bc3ee98b5a5bd0cd936554de2bdc232?s=25 because it appears in neither the img-src directive nor the default-src directive of the Content Security Policy.
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (add, line 429)
[Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'".

I'm not sure if this is causing the issue, as these errors show up going through the site in general.

Other info:

 - Ubuntu 16.04
 - mysql 8.0.21
 - apache 2.4.18
 - elastic search 5.6.16
 - atom 2.6 (from the releases page)

This whole thing was started when we had similar issues with a 2.4 install (it was installed a year ago but data only started being added to it this last week) where all of a sudden parts of pages didn't seem to be rendered, or something got broken and would break the page.  I gave up trying to figure out what was going on and did a full fresh install with the latest version as we would lose "only" about 30 hours of data entry.

I'd really like to not have the team lose any more time, and figure out if this is an issue deeper than a bug in the UI.  If something is wrong in our set up I want to know as soon as possible :) 

Dan Gillean

Jul 22, 2020, 3:52:57 PM
to ICA-AtoM Users
Hi Alan, 

I've just run a couple tests, and I'm able to create new users in my 2.6 test environment. So far, I don't think this is a bug in the application, so let's see if we can work out what's going on locally for you. From the list of installation dependencies, it looks like only Apache is different, and based on some initial online searching of these errors, I'm starting to wonder if that's where the issue might be found. 

All of the error messages you've shared reference the Content Security Policy. This is getting out of my area of knowledge, but CSPs are implemented in most modern browsers as a way of adding additional security, to prevent things like cross-site scripting attacks. As Wikipedia notes, "CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features."
Essentially, when the web pages delivered include meta or HTTP header elements with CSP directives, CSP-supporting browsers will enforce those guidelines. 

AtoM by default does not include any code that would add these. You can see that we call the inclusion of metas on our 1-column layout page (as in the User edit page) here. AtoM's defaults are set here: 
We're not invoking any CSP-related restrictions or parameters here. However, these can be set other places, such as the web server. I would suggest that you look into your Apache configuration. Some general links that may help learn more about this: 

Meanwhile... In case you investigate and that's not the issue, I'll explore a couple other things you can check below. Does your AtoM site have a custom theme in place? If so, you might want to check some of the theme files, as it could be possible that different headers or meta elements are declared in your theme, if not on the webserver. 

Other ideas: 

First, when you upgraded from your 2.4 installation, did you remember to drop and recreate the MySQL database, and then run the upgrade task after loading your 2.4 data? See: 
Additionally, if you do have a custom theme, make sure you review and apply the suggestions found lower down on this page: 
Part of those instructions involve recompiling the CSS - and even if you've already implemented those, I think this is a step worth trying again if the user page is not rendering properly. If you've installed AtoM from the tarball on our website, then you may not have the dependencies to run the make command installed (the CSS is precompiled in the tarball, while if you install from our code repository, we include a step to compile it during installation). As such, I'll borrow the following lines from the Option 2 (Install from our code repository) installation instructions: 
  • curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
  • sudo apt install nodejs npm make
  • sudo npm install -g "less@<2.0.0"
  • sudo make -C /usr/share/nginx/atom/plugins/arDominionPlugin
The first 3 steps install the required dependencies, and then the last step will recompile the CSS for the base Dominion theme. If you are using Apache, you may need to modify the first part of the path in the last command - I'm guessing it's something like /var/www/atom instead, but you'll know better. Also, don't miss that last dash in the first command! 

One thing to note - AtoM still requires a much older version of less (which requires an older version of nodeJS to install), so you may see deprecation notices - we're aware of this and have an issue to track it (#13390), but in the meantime it should work to proceed. 

If you have a custom theme plugin, make sure you repeat the last command, but with the name of your custom theme plugin. For example, if your theme plugin is called arMyCustomThemePlugin, then the command would be something like: 
  • sudo make -C /var/www/atom/plugins/arMyCustomThemePlugin
I'd suggest clearing the application cache, and restarting PHP-FPM (as well as memcached if you're using it) as well: 
  • php symfony cc
  • sudo systemctl restart php7.2-fpm
  • sudo systemctl restart memcached
Don't forget to clear your browser cache as well, and/or test in a private/incognito browser, so you are seeing the updates and not a cached version of the broken page. 

Hopefully some of this will point you in the right direction! Please let us know how it goes. 

Regards, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
he / him
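
An added illustration, not part of the original thread and not AtoM code: the sketch below takes a response's headers and HTML, reports whether a Content Security Policy arrives as an HTTP header or as a meta tag, and lists which of the loads named in the console errors that policy blocks. The sample response, the LOADS list and all function names are constructed for this example, and source matching is simplified to exact tokens.

```python
import re

META_CSP = re.compile(
    r'<meta[^>]+http-equiv=["\']content-security-policy["\'][^>]*content="([^"]*)"',
    re.IGNORECASE)

def parse_csp(policy):
    """Split a policy string into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def find_policies(raw_headers, html):
    """Return (origin, policy) pairs for CSPs sent as a header or a <meta> tag."""
    found = []
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-security-policy":
            found.append(("http-header", value.strip()))
    found += [("meta-tag", policy) for policy in META_CSP.findall(html)]
    return found

def blocked(directives, directive, needed):
    """True if `directive` (or its default-src fallback) omits `needed`.
    Simplified: exact token match, no wildcard/nonce/hash handling."""
    sources = directives.get(directive, directives.get("default-src"))
    return sources is not None and needed not in sources

def explain(raw_headers, html, loads):
    """List (origin, directive, needed) for every load a delivered policy blocks."""
    return [(origin, directive, needed)
            for origin, policy in find_policies(raw_headers, html)
            for directive, needed in loads
            if blocked(parse_csp(policy), directive, needed)]

# Constructed response; the policy string is the one quoted in the EvalError above.
SAMPLE_HEADERS = "HTTP/1.1 200 OK\nContent-Security-Policy: default-src 'self'\nContent-Type: text/html"
SAMPLE_HTML = "<html><head><title>Add user</title></head><body></body></html>"
# What the page needed, read off the console errors in the first post.
LOADS = [("style-src", "'unsafe-inline'"), ("script-src", "'unsafe-inline'"),
         ("img-src", "https://www.gravatar.com"), ("script-src", "'unsafe-eval'")]

if __name__ == "__main__":
    for origin, directive, needed in explain(SAMPLE_HEADERS, SAMPLE_HTML, LOADS):
        print(f"{origin}: {directive} does not allow {needed}")
```

The origin column maps onto the two places suggested in the reply above: "http-header" points at the web server configuration, "meta-tag" at theme or layout templates.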



Alan Bailward

Jul 23, 2020, 2:45:53 AM
to AtoM Users
Thanks Dan.  Looks like something internally just got f'd up.  I ended up purging every package, config, etc that was associated with the setup and then re-created the system from scratch and now it seems to be working.  Luckily not too much data was lost, and I've got the old files so I should be able to re-create the customizations fairly easily.

Hopefully future upgrades won't be quite this tricky.  I'm guessing it was something not quite right in the initial install that was just never noticed because the client (I'm just the tech guy in charge of setting it all up) never got deep into the system to see the issues.
