Error while uploading file in filebrowser
2,019 views
Skip to first unread message
plaban...@gmail.com
Apr 7, 2012, 10:12:40 AM4/7/12
to Mezzanine Users
When I am uploading a file into the media library . I am getting an
HTTP error.
Any help with that. Is it a permission issue or something
Christian Bahls (Gmail)
Apr 7, 2012, 1:01:10 PM4/7/12
to mezzani...@googlegroups.com
had a similar problem, but can also not specify more context
[¹] just wasn't important enough .. the form file upload works so it is only an issue for newly created content on pages
as it is not really clear where that error came from
(also not running the server not in developer mode any longer
but could start an additional to trace that error) [¹]
yours
Christian
PS: is there a away to do the upload functionality without using a flash plugin?
[¹] just wasn't important enough .. the form file upload works so it is only an issue for newly created content on pages
Josh Cartmell
Apr 7, 2012, 8:00:53 PM4/7/12
to mezzani...@googlegroups.com
Is it on all uploads or just uploads of a certain size? I had a site that was using fastcgi that would crash on uploads above a certain size because of a fastcgi timeout setting.
Stephen McDonald
Apr 7, 2012, 11:17:02 PM4/7/12
to mezzani...@googlegroups.com
Have you used your browser's developer tools for viewing JavaScript errors or failed HTTP requests?
Not much anyone can do otherwise without any info to work with.
plaban nayak
Apr 8, 2012, 1:59:47 AM4/8/12
to mezzani...@googlegroups.com
Hi,
when I am visiting the site http://mezzanine.jupo.org/admin/media-library/browse/ I am getting an UnicodeDecodeError.
In my system nginx log the post request to /admin/media_library/upload_file/ shows 403 status and the flash player is Shock wave flash.
In the admin panel after the file is uploaded it shows HTTP Error and then redirects back to the library.
Is there a way i can see what is the error happening.
It happens with files of every size, small and large.
Plaban
Stephen McDonald
Apr 8, 2012, 2:14:19 AM4/8/12
to mezzani...@googlegroups.com
Thanks Plaban - I think you'll find the uploads directory (project/static/media/uploads/ by default) isn't writeable by the web server user.
The demo site should also work again now.
plaban nayak
Apr 8, 2012, 2:23:07 AM4/8/12
to mezzani...@googlegroups.com
Hi
Plaban
plaban nayak
Apr 8, 2012, 2:42:00 AM4/8/12
to mezzani...@googlegroups.com
Ok got it .
plaban nayak
Apr 8, 2012, 2:55:34 AM4/8/12
to mezzani...@googlegroups.com
I made the home directory and all of its subdirectory writeable by everyone but still i am getting the same error.
Plaban
Stephen McDonald
Apr 8, 2012, 3:19:18 AM4/8/12
to mezzani...@googlegroups.com
Have you tried running everything without a web server, using Django's built-in development server?
At least that way you can isolate whether it's a web server issue.
Stephen McDonald
Sep 23, 2012, 5:21:19 PM9/23/12
to Henri Colas, mezzani...@googlegroups.com
I can't reproduce this, but I can point you to what's going wrong.
- The upload view/template passes the current user's session key as a variable when uploading a file via the Flash widget
- The Flash widget posts to the _upload_file view which is wrapped in a flash_login_required decorator
- The flash_login_required decorator checks for the session key, and looks up the user based on session key, which is where the error occurs for you
So something's getting lost in that chain, here are the relevant bits of code:
Session key gets passed to the upload view for using in JS: https://github.com/stephenmcd/filebrowser-safe/blob/master/filebrowser_safe/views.py#L241
Session key gets set in JS for the Flash widget in the upload template: https://github.com/stephenmcd/filebrowser-safe/blob/master/filebrowser_safe/templates/filebrowser/upload.html#L33
Actual upload view that the file is posted to is wrapped in the flash_login_required decorator: https://github.com/stephenmcd/filebrowser-safe/blob/master/filebrowser_safe/views.py#L275
User lookup in the decorator where the error seems to occur: https://github.com/stephenmcd/filebrowser-safe/blob/master/filebrowser_safe/decorators.py#L24
On Mon, Sep 24, 2012 at 7:03 AM, Henri Colas <henri...@gmail.com> wrote:
Hello,Same upload problem here:* latest version of Mezzanine (1.2.4), deployed with the bundled fabric file, on a newly installed Ubuntu 12.04 server* works ok if I start the development server behind nginx* doesn't work if I start django with gunicorn (manually or through supervisor)The exact message is "KeyError at /admin/media-library/upload_file/ : '_auth_user_id'"It appears to come from the function _upload_file, in filebrowser_safe/views.py
I had to add logging in django settings to see this.Any help would be appreciated !ThanksHenri
Henri Colas
Sep 23, 2012, 5:28:53 PM9/23/12
to Stephen McDonald, mezzani...@googlegroups.com
Thanks for the fast answer !
I'll look into it in the next few days, especially the influence of the settings I changed, and report to you if I find something interesting.
Henri
Henri Colas
Sep 29, 2012, 4:12:07 AM9/29/12
to Stephen McDonald, mezzani...@googlegroups.com
OK, I found what's wrong, and a possible fix:
TL;DR : upload over https doesn't work due to bad redirections, fix is add another prefix to SSL_FORCE_URL_PREFIXES .
----------
With the settings:
+SSL_ENABLED = True
-#SSL_ENABLED = True
+SSL_FORCE_URL_PREFIXES = ("/admin", "/account")
-#SSL_FORCE_URL_PREFIXES = ("/admin", "/account")
# Uncomment the following if using any of the SSL settings:
+ "mezzanine.core.middleware.SSLRedirectMiddleware",
- #"mezzanine.core.middleware.SSLRedirectMiddleware",
After investigation, the chain of events is:
GET 'https://mydomain/asset_proxy/?u=/static/filebrowser/uploadify/uploadify.swf' => 302 to same url in HTTP
POST http://mydomain/admin/media-library/upload_file/ => 302 to same url in HTTPS
GET https://mydomain/admin/media-library/upload_file/ => error 500 (the one I initially mentionned)
Fix:
If I add "/asset_proxy" to SSL_FORCE_URL_PREFIXES, upload works correctly in https.
But I have no idea of possible consequences !
Henri
Henri Colas
Sep 30, 2012, 4:18:32 PM9/30/12
to Stephen McDonald, mezzani...@googlegroups.com
Well, it appears that "/asset_proxy" shouldn't always be in HTTPS, so I am reverting to another config:
Henri
SSL_FORCE_URL_PREFIXES = ("/account",)
Henri
Stephen McDonald
Sep 30, 2012, 9:31:43 PM9/30/12
to Henri Colas, mezzani...@googlegroups.com
I suspect that it should use the same protocol as whatever the admin is using.
I was thinking that this is definitely an issue and that there should be some handling (not sure where) that says if SSL is configured, and the admin is forced to use it, then the asset_proxy URL should also do the same.
But now you're saying that's not the case?
Henri Colas
Oct 1, 2012, 5:06:02 PM10/1/12
to Stephen McDonald, mezzani...@googlegroups.com
On Mon, Oct 1, 2012 at 3:31 AM, Stephen McDonald <st...@jupo.org> wrote:
I suspect that it should use the same protocol as whatever the admin is using.
That's what I think too, but asset_proxy is used in other places, for instance when editing the content of an article directly from the site, not from the admin, it calls the url http://mydomain/asset_proxy/?u=http://mydomain/static/grappelli/tinymce/jscripts/tiny_mce/themes/advanced/source_editor.htm for html editing.
If asset_proxy is set to be redirected to https, this request gets a 302 response, and the redirection gives a 200 response without any content => the html source editor no longer works..
Same thing for direct image import/editing with the url http://mydomain/asset_proxy/?u=http://mydomain/static/grappelli/tinymce/jscripts/tiny_mce/plugins/advimage/image.htm
Stephen McDonald
Oct 1, 2012, 5:08:23 PM10/1/12
to mezzani...@googlegroups.com
Good point.
So the correct fix might be to exclude asset_proxy entirely from any redirects within the SSL middleware, allowing it to run on whatever protocol is being used in the page that references it.
Does that sound right?
Josh Cartmell
Oct 1, 2012, 6:35:37 PM10/1/12
to mezzani...@googlegroups.com
That makes sense to me. Awhile back (when ssl handling was still in cartridge) I updated the ssl middleware to look at an additional setting. URL prefixes in that setting would be served over whatever protocol they were requested on. Those changes are here:
https://bitbucket.org/joshcartme/cartridge_https-by-url-prefix/changeset/ee35ebeb0819a4dc257983e945d03a5fee0aea69
That change didn't make it into cartridge, but would something like this make sense at this point? That way if anything else comes up that should be accessible over either protocol it would be as easy as updating a setting. It could also give users the power to create urls in their own projects that would be accessible over either protocol.
https://bitbucket.org/joshcartme/cartridge_https-by-url-prefix/changeset/ee35ebeb0819a4dc257983e945d03a5fee0aea69
That change didn't make it into cartridge, but would something like this make sense at this point? That way if anything else comes up that should be accessible over either protocol it would be as easy as updating a setting. It could also give users the power to create urls in their own projects that would be accessible over either protocol.
Stephen McDonald
Oct 1, 2012, 8:48:17 PM10/1/12
to mezzani...@googlegroups.com
Kinda related - yesterday I added a new setting that allows you to disable redirecting back to HTTP when URLs that aren't marked as requiring SSL are accessed over SSL:
Seems like that might cover the same scenario.
zgohr
Oct 7, 2012, 11:31:22 AM10/7/12
to mezzani...@googlegroups.com, st...@jupo.org
Just adding this here if someone stumbles upon this thread in the future. File uploads do work over SSL, they just require a valid SSL certificate which can be garnered for free from http://www.startssl.com/
Reply all
Reply to author
Forward
0 new messages