upload fail topic #350311

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 3 months ago #354246

-- HikaShop version -- : 4.7.5
-- Joomla version -- : 4.3.3
-- PHP version -- : 8.1
-- Error-message(debug-mod must be tuned on) -- : upload fails with JCH

Hi,

In the improvements of version 4.7.4 this item was mentioned:

• The AJAX upload system can now work even on pages where JCH Optimize is configured to cache the javascript.

But I still have the same upload error (bar turning red) with JCH optimize active?

I made the changes again in the upload.php files to get it working. So you can not test on our website.

Last edit: 1 year 3 months ago by michelpouli.

Please Log in or Create an account to join the conversation.

  • Posts: 82785
  • Thank you received: 13351
  • MODERATOR
1 year 3 months ago #354250

Hi,

The code added to HikaShop regarding the improvement you're pointing at doesn't contain any of the changes discussed on this other thread.
We actually talked with a developer of JCHOptimize about the issue, and they proposed another modification so that the javascript of the uploader would get the CSRF token from Joomla before sending the AJAX request. That way, it would be up to date as JCH sets the CSRF token in the javascript so that it is not cached.
So with these modifications, the other modifications in the upload.php files shouldn't be necessary.

Now, with your feedback, I look deeper into it again, and I think I've made a mistake when implementing the changes. I've made a patch which should make it work without modification necessary in the uploader.php files.
Download again the install package of the 4.7.5 and install it on your website to get the patch and it should work without having to change the code in the uploader.php file.
If that still doesn't work, please provide a link to a page with the issue on your website so that we can look into it again (you can add the modifications again in that case, we'll still be able to study the issue).

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 3 months ago #354268

Hi Nicolas,

Thanks, I downloaded and installed the update. Unfortunately the issue is still there. So I made the changes again.

This is one page with the issue:

jouwnaambord.nl/plexiglas-naambord-met-eigen-foto

Please Log in or Create an account to join the conversation.

  • Posts: 82785
  • Thank you received: 13351
  • MODERATOR
1 year 3 months ago #354276

Hi,

I still see the same javascript code on your page, without the modification I added yesterday.
I suppose you forgot to clear your JCHOptimize cache and thus you're still seeing the old code on the page and that's why it still didn't work.

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 3 months ago #354280

Hi Nicolas,

I thought I deleted this page, but I will look at it asap. There's also an issue with JCH, so I will test tomorow. Thanks!

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 2 months ago #354455

Hi,

After clearing all cache it worked fine. Don't know why, but now the upload error is back again. See screenshot.
f.e. on jouwnaambord.nl/bedrijfsnaambord-wit-aluminium-15-x-20-cm

I made the modifications again to the upload.php

Attachments:
Last edit: 1 year 2 months ago by michelpouli.

Please Log in or Create an account to join the conversation.

  • Posts: 82785
  • Thank you received: 13351
  • MODERATOR
1 year 2 months ago #354456

Hi,

I just did a test and it worked fine and I can see the token in the upload request:
i.imgur.com/HYBhPJr.png
Could the problem be elsewhere ? Like you provided a file which isn't compatible with the restrictions you have in place ?

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 2 months ago #354502

Hi Nicolas,

No, I got messages from customers that the couldn't upload. So I tested it myself and the upload indeed failed on all permitted file extensions.

Please Log in or Create an account to join the conversation.

  • Posts: 82785
  • Thank you received: 13351
  • MODERATOR
1 year 2 months ago #354512

Hi,

Then I don't see why it would fail since now the token is properly provided by HikaShop during the upload.

We would need to investigate with a backend and FTP access. Could you provide that via our contact form ?
www.hikashop.com/support/contact-us.html

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 2 months ago #354529

just sended through cf

Please Log in or Create an account to join the conversation.

  • Posts: 82785
  • Thank you received: 13351
  • MODERATOR
1 year 2 months ago #354579

Hi,

The backend access you provided didn't work.

So I did some debugging with just the FTP access. I found today that contrarily to when I looked at the situation on your website 4 days ago ( www.hikashop.com/support/forum/checkout/...c-350311.html#354456 ) when it worked, the CSRF flag is not added to the AJAX upload request anymore.
I checked with FTP and I can still see the patch I've added a week ago.
I can also see the new code in the javascript to handle the CSRF flag on your page.
So this means that some of the javascript is not properly initialized on the page.
I think it comes from the javascript errors you have there:
i.imgur.com/NpQ7CJI.png
I think they are linked to a PayPal plugin. The error says that the client id is missing somehow.
However, I checked the cached JS of JCOptimize and I can see the client id in the URL:
i.imgur.com/WmmFo8d.png
So there might be some incompatibility with the JS SDK file of PayPal and JCHOptimize. I would recommend two things:
- JCHOptimize must have an option to turn off the caching of external files. Try turning this off and clearing the cache once. That should hopefully fix the javascript errors.
- This JS SDK file is only there to display messages on the product page. So it's not a crutial part. Supposing that you're using the PayPal Checkout plugin in HikaShop, there are display settings you can turn off in the payment method to not display these messages on the frontend listings / product details page / cart page, etc. Turn them off and then clear the JCHOptimize cache and it should fix the javascript errors.
Once the JS errors are fixed, the CSRF flag should be added to the AJAX upload request again, and the upload should work again without modifications in the code of HikaShop.

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 2 months ago #355041

Hi Nicolas,

I contacted Samuel from JCHOptimize again about this and he investigated the issue. This is what he replied:

The problem is that HikaShop is not accessing the correct CSRF token when the HTTP Request setting is enabled. I'll try to explain.

Joomla will publish the CSRF token in a script here:

i.imgur.com/O2YyMCU.png

When the HTTP Request setting is disabled, and the page is cached, JCH Optimize will update the correct CSRF token in the cached HTML page before sending it to the user, as each user will have a unique token. In these cases, with HTTP Request disabled, the upload works without issues.

If you enable the HTTP Request setting, the static cached HTML page is served without calling PHP using URL rewrite from the server level to reduce server response time significantly. This means JCH Optimize cannot modify the actual HTML page since this would need to be manipulated by PHP. In this case, a small script updates the correct CSRF in the DOM. So, while the outdated CSRF token is still on the HTML page, if you use the browser's development tool to access the DOM loaded in the browser, you'll find the updated and correct CSRF:

i.imgur.com/SOyhiJ0.png

It seems HikaShop is reading the token from the HTML sent to the browser, rather than accessing the script in the DOM itself, so the upload fails. If HikaShop can correct this, it should work.

Please Log in or Create an account to join the conversation.

  • Posts: 82785
  • Thank you received: 13351
  • MODERATOR
1 year 2 months ago #355044

Hi,

Thanks for the message.

HikaShop actually doesn't do either of this.
When you're triggering the upload of a file on the page, the HikaShop javascript will now call

Joomla.getOptions("csrf.token", "")
in order to get the current CSRF token served by the Joomla javascript.
If HikaShop is getting the old CSRF token when doing this, it means that on top of updating the DOM with the JSON, JCHOptimize should also update the data in the Joomla object. As far as I know, the way I did it is the proper way to read the CSRF token on the client side for an extension.
Or maybe I'm missing something ?
Please understand that I'm not familiar with how JCHOptimize works.

Please Log in or Create an account to join the conversation.

  • Posts: 507
  • Thank you received: 21
  • Hikashop Business
1 year 2 months ago #355051

Thanks, I will forward this to Samuel.

The following user(s) said Thank You: nicolas

Please Log in or Create an account to join the conversation.

Time to create page: 0.084 seconds
Powered by Kunena Forum