Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Regression: Ajax error in ngnix #1244

Closed
slyholborn opened this issue Oct 12, 2017 · 42 comments
Closed

Regression: Ajax error in ngnix #1244

slyholborn opened this issue Oct 12, 2017 · 42 comments

Comments

@slyholborn
Copy link

slyholborn commented Oct 12, 2017

Hello, after update to 1.6.3 (and update to 1.3.5) i've got issues in the admin pannel : the site seems to work well allthough, exept featherlight wich wouldn't work before update anyway. As i need a gallery, i also need to deal with this error for i'm sure it has no link between.
Thanks!

`Fetch Failed:
can't convert undefined to object

value/<@http://lelogisencorse.ddns.net/user/plugins/admin/themes/grav/js/admin.min.js?1451599962:5:23728
o/<@http://lelogisencorse.ddns.net/user/plugins/admin/themes/grav/js/admin.min.js?1451599962:4:27913

Invalid AJAX response.` 
@slyholborn
Copy link
Author

slyholborn commented Oct 12, 2017

I cannot put media on pages no more via the admin pannel : as soon as i save, they disapear after refresh. It works well by putting images in directory, but non of them appears on admin page. They are on the site

I cannot logout anymore

@ngocgiang2512
Copy link

I have the similar issue after update plugins. It warns whenever I click on saved button.
screen shot 2017-10-12 at 2 39 13 pm

@rhukster
Copy link
Member

Can you guys please provide some details regarding your webserver and php version?

@mitchellkrogza
Copy link

mitchellkrogza commented Oct 12, 2017

Yes me too, brand new site and I stupidly updated it to 1.3.5 now all sorts of Ajax errors. Also cannot even logout of Admin keeps giving "Invalid Security Token". Hope it can be fixed soon.

@rhukster

Server nginx version: nginx/1.12.1

PHP 7.0.22-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.22-0ubuntu0.16.04.1, Copyright (c) 1999-2017, by Zend Technologies

Other sites still running 1.3.4 of Grav all working 100%

screen shot 2017-10-12 at 4 31 28 pm

screen shot 2017-10-12 at 4 44 08 pm

screen shot 2017-10-12 at 4 45 06 pm

Clicking on ANY of the menu items on the left gives Ajax Error

@rhukster
Copy link
Member

rhukster commented Oct 12, 2017

BTW, can you guys help me out by first backing-up/copying your system/src/Grav/Common/Uri.php file and then try putting back the version from Grav 1.3.4: https://github.com/getgrav/grav/blob/1.3.4/system/src/Grav/Common/Uri.php

If that sorts it, we can narrow things down. We did some refactoring on this class and I think it's what's leading to your issues.

@mitchellkrogza
Copy link

@rhukster I can confirm that fixes the issue

@rhukster
Copy link
Member

Still would be helpful to know your environment information because I can't replicate this on my local test installs.

@rhukster rhukster added the bug label Oct 12, 2017
@mitchellkrogza
Copy link

mitchellkrogza commented Oct 12, 2017

@rhukster another issue to add here. Simple markdown is not working either.

<center>![](motsepe-commercial-photography-projects-logo.jpg)</center>

Renders as:

screen shot 2017-10-12 at 5 04 06 pm

and using custom.css in antimatter which only contains one line in it .centerimage { display: block; margin: 0 auto; }

If I do ![](motsepe-commercial-photography-projects-logo.jpg){.centerimage} it renders the page as follows

screen shot 2017-10-12 at 5 06 07 pm

@mitchellkrogza
Copy link

@rhukster exactly what do you need to know from my environment? I am happy to provide anything you need.

@rhukster
Copy link
Member

That's IMG/markdown things is actually nothing related to this, that's a problem with markdown extra? That is not regular markdown because you cannot put markdown inside HTML tags with regular markdown. The better way to fix that is with:

![](motsepe-commercial-photography-projects-logo.jpg?classes=centerimage)

@rhukster
Copy link
Member

  • Webserver (apache/nginx), if nginx, webserver config file.
  • PHP version

To start with

@mitchellkrogza
Copy link

Thanks @rhukster but that previously worked perfectly on 1.3.4 (still does) ie. adding the class at the end like that.

I provided that info earlier up

Nginx 1.12.1

PHP 7.0.22-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.22-0ubuntu0.16.04.1, Copyright (c) 1999-2017, by Zend Technologies

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 1024;
	multi_accept on;
    use epoll;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 90s;
	keepalive_requests 1000;
	server_tokens off;
	client_body_buffer_size 32k;
	client_header_buffer_size    1k;
	client_max_body_size 50M;
	types_hash_max_size 2048;
	large_client_header_buffers 4 16k;
	variables_hash_max_size 2048;
	variables_hash_bucket_size 1024;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;


	# Our request limiter zone for wp-login attacks
	limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
    
	# Add FastCGI caching
	# https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/
	# Set Caching Zones - I am keeping these separate for now - easier to purge and control

	open_file_cache                 max=10000 inactive=5m;
	open_file_cache_valid           1m;
	open_file_cache_min_uses        1;
	open_file_cache_errors          on;

	fastcgi_cache_key "$scheme$request_method$host$request_uri";
	fastcgi_cache_use_stale error timeout invalid_header updating http_500;

	fastcgi_cache_path /var/cache/nginx/general levels=1:2 keys_zone=GENERAL:100m inactive=100m;

	##
	# Logging Settings
	##

	log_format  custom  '$remote_addr - $http_x_forwarded_for $remote_user $server_port [$time_local] "$request" '
                  '$status "$http_referer" "$http_user_agent" "$http_header"'
                  '"$body_bytes_sent" - "$gzip_ratio"';

                        
	access_log /var/log/nginx/access.log main_ext;
	error_log /var/log/nginx/error.log warn;


	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "MSIE [1-6]\.";
	gzip_vary on;
	gzip_static on;
	gzip_min_length 20;
	gzip_proxied expired no-cache no-store private auth;
	gzip_comp_level 7;
	gzip_buffers 32 4k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

@mitchellkrogza
Copy link

The ![](motsepe-commercial-photography-projects-logo.jpg?classes=centerimage) fixes that and I learned something new about how to do that so thanks @rhukster

@rhukster
Copy link
Member

Can you guys who are having this problem, inspect the XHR requests for the Ajax calls?

In chrome, this in web developer tools -> network -> xhr

Then reload the page and inspect the Request URL and the response

@rhukster
Copy link
Member

Actually if any of you could PM me directly on slack with login details to your site, that would help a lot and be much appreciated.

@rhukster
Copy link
Member

@mitchellkrogza can you also include your php nginx configuration? specifically the PHP bit, like:

    ## Begin - PHP
    location ~ \.php$ {
        # Choose either a socket or TCP/IP address
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        # fastcgi_pass 127.0.0.1:9000;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
    ## End - PHP

@mitchellkrogza
Copy link

Here you go:

    # BEGIN - Index

    # for subfolders, simply adjust:
    # `location /subfolder {`
    # and the rewrite to use `/subfolder/index.php`

    location / {
        try_files $uri @index;

	location /assets {
            gzip_static on;
        	}
		}

    location @index {
        try_files = /index.php?_url=$uri&$query_string;
    }

	## END - Index

    ## BEGIN - Security

    # set error handler for these to the @index location
    error_page 418 = @index;
    # deny all direct access for these folders
    location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 418; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 418; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 418; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 418; }

    ## END - Security


    ## BEGIN - PHP

    location = /index.php {

        ## BEGIN - FastCGI caching

        fastcgi_cache_bypass $no_cache1 $no_cache2;
        fastcgi_no_cache     $no_cache1 $no_cache2;
		fastcgi_cache           GENERAL;
        fastcgi_cache_key       "$scheme$request_method$host$request_uri$sessionkey";
        fastcgi_cache_valid     200 30m;
        fastcgi_cache_valid     404 5m;
        fastcgi_cache_valid     any 1m;
        fastcgi_ignore_headers  "Cache-Control"
                                "Expires"
                                "Set-Cookie";

        fastcgi_cache_use_stale error
                                timeout
                                updating
                                http_429
                                http_500
                                http_503;

        fastcgi_cache_background_update on;

        ## END - FastCGI caching

		fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;


		# Choose either a socket or TCP/IP address
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

    ## END - PHP

    	## Begin - PHP Security

    	# deny access to other .php-scripts
    	location ~ \.php$ { 
    		return 418; 
    		}

		## END - PHP Security

	## BEGIN - Cache Purge Settings	

    location ~ /purge(/.*) {
        fastcgi_cache_purge GENERAL "$scheme$request_method$host$1";
    }	

	## END - Cache Purge Settings	

@mahagr
Copy link
Member

mahagr commented Oct 12, 2017

I'm able to reproduce the issue, trying to locate the issue now. Thanks for the detailed help!

@mitchellkrogza
Copy link

No problem whatsoever.

@slyholborn
Copy link
Author

Don't know if it's still usefull but i'm on
ngnix
PHP Version 5.6.30-0+deb8u1
on raspbian Jessie

@mahagr
Copy link
Member

mahagr commented Oct 12, 2017

Nope, it wasn't that. Can you please come to grav chat? I need your help to figure this out.

@rhukster
Copy link
Member

I'm setting up a raspberry pi / nginx setup to see if i can replicate it too.

@slyholborn what does your nginx.conf look like?

@slyholborn
Copy link
Author

I post it as soon as i can acces the server. I'm at work without my ssh keys...

@rhukster
Copy link
Member

Ok, i've narrowed it down to Nginx, and specifically the try_files part of the configuration. My test site had simply:

location / {
        try_files $uri $uri/ /index.html /index.php;
}

And this worked, however, the webserver-configs/nginx.conf file (and possibly other places has been updated so it looks like this:

location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
}

When I change it to this, and restart nginx, it breaks with that ajax error. So i removed the &$query_string at the end, and it worked.

So something related to the query_string in this nginx configuration and the changes/fixes we made in the URI class are breaking it.. Not fixed yet, but narrowing things down.

@mahagr
Copy link
Member

mahagr commented Oct 12, 2017

Yeah, do not remove the query_string part! It's really needed :)

@rhukster
Copy link
Member

Yah this is not the solution, but it is narrowing things down for us.. just giving you guys a running commentary. If you can test that removing it 'does' fix your ajax issues, then we are solving the same problem you are having... that's all..

@peracchi
Copy link

Info from my system (Mac OS X El Capitan 10.11.6) below. If more details can help, please ask.

$ php -v
PHP 7.1.9 (cli) (built: Sep  4 2017 10:20:56) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies

$ nginx -v
nginx version: nginx/1.12.1

/usr/local/etc/nginx/servers $ cat cbea.dev
server {
    #listen 80;
    index index.html index.php;

    ## Begin - Server Info
    root /Users/peracchi/development/grav/cbea.dev;
    server_name cbea.dev;
    ## End - Server Info

    ## Begin - Index
    # for subfolders, simply adjust:
    # `location /subfolder {`
    # and the rewrite to use `/subfolder/index.php`
    location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
    }
    ## End - Index

    ## Begin - Security
    # deny all direct access for these folders
    location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
    # deny running scripts inside core system folders
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny running scripts inside user folder
    location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
    # deny access to specific files in the root folder
    location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
    ## End - Security

    ## Begin - PHP
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
    ## End - PHP
}

@mahagr mahagr changed the title Ajax error Regression: Ajax error in ngnix Oct 12, 2017
@rhukster
Copy link
Member

Yup, we have a fix.. a workaround for this _url=$uri part (in Uri.php class), and also we've changed the default nginx.conf example to remove this as it's not really needed.

rhukster added a commit to getgrav/grav that referenced this issue Oct 12, 2017
@rhukster
Copy link
Member

Ok, we're going to re-release Grav now with this fix.

@slyholborn
Copy link
Author

Great!

@mitchellkrogza
Copy link

Thanks @rhukster and team for a quick fix. Updated this morning 1.3.6 and all is working again 👍

@slyholborn
Copy link
Author

All works fin here too! Thanks!!

@mitchellkrogza
Copy link

mitchellkrogza commented Oct 13, 2017

Anyone stuck at 1.3.5 and unable to update it to 1.3.6 simply do the following

cd /var/www/yourgravsite/
sudo mv system/src/Grav/Common/Uri.php system/src/Grav/Common/BACKUP-Uri.php
sudo wget https://raw.githubusercontent.com/getgrav/grav/1.3.4/system/src/Grav/Common/Uri.php -O /var/www/yourgravsite/system/src/Grav/Common/Uri.php
sudo chown -R www-data:www-data /var/www/yourgravsite/

Then reload Admin and you will be able to update it.

@maxalmonte14
Copy link

I have the exact same issue as @mitchellkrogza, I'm working on local with the built-in PHP server, the php -v command show me

PHP 7.1.7 (cli) (built: Jul  6 2017 16:51:52) ( ZTS MSVC14 (Visual C++ 2015) x64
 )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies

And I have the latest Grav version v1.3.8

sin titulo8

@rhukster
Copy link
Member

Read the info above. The issue is probably the same as the original poster, you need to change your try_files line. It was broken before and shouldn't of worked, we fixed something and it brought this issue to the surface.

@maxalmonte14
Copy link

Thank very much, I'm gonna try your solution.

Only for an informational purpose, I have to say this it's not happening on Linux at least for me even working with the PHP built server and the same Grav project. (I'm using Linux Mint 18.2 x64)

In the previous message, I was working on Windows 10.

image

@colinwilson
Copy link

colinwilson commented Nov 4, 2017

I'm experiencing this using my Built-in PHP Webserver, php -S localhost:8000 system/router.php.

Grav: 1.3.8

PHP 7.1.11 (cli) (built: Oct 25 2017 20:54:15) ( NTS MSVC14 (
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies

2017-11-04 04_13_28-

How do you adjust the try_files line in this case?

@rhukster
Copy link
Member

rhukster commented Nov 4, 2017

@colinwilson can you please open a new ticket. This is a similar but different error that must be related to the system/router.php

@JOduMonT
Copy link

hum; Interesting...

I'm not sure if it's because I'm using freebsd 11.1-RELEASE-p8 with nginx/1.12.2 and PHP 7.1.15

but for me it's the inverse :
which I copied the nginx.conf from getgrav doc than I had this ajax error
so I i comment the ?q=$uri&$args and simply replace it by
try_files $uri $uri/ /index.php;

as this

 location / {
    #try_files $uri $uri/ /index.php?q=$uri&$args;
    try_files $uri $uri/ /index.php;
 }

it's work fine (without error)

@velsa
Copy link

velsa commented Apr 26, 2018

I get all the errors possible with latest grav (Grav CLI Application version 1.4.3) and Ubuntu 16.04.4 LTS. Invalid security token appears when I click the Clear Cache button, Invalid AJAX - every time I refresh the page.
Enabled debug in user/config/system.yaml
Tried different nginx config options as described in this thread.

No errors in console, no errors in nginx error log.
No idea what to do next.

screenshot 2018-04-26 14 13 57
screenshot 2018-04-26 14 14 08

@mahagr
Copy link
Member

mahagr commented Apr 30, 2018

@velsa Please create a new issue from this as nobody looks at closed issues. :)

@hughbris
Copy link
Contributor

@velsa Please create a new issue from this as nobody looks at closed issues. :)

They really should though, unless you publish that you follow a workflow where they are deliberately ignored. Is it a notification issue? (let this be a test!)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests