Update 2.1.0 on 27.1.6 makes all office files unusable...
Dennis1993 opened this issue Β· 43 comments
Describe the bug
I'm using NextCloud 27.1.6 and in the app store an update for this app was offered. After the update I can't open a document. All files are shown this error:
To Reproduce
Steps to reproduce the behavior:
- Update the App to the latest version
- Open an office file (xlsx, docx...)
- Nothing is working anymore
Expected behavior
Opens the document to edit it
Client details:
- OS: Windows 10
- Browser: Microsoft Edge
- Version: 121.0.2277.112
Server details
Operating system:
Ubuntu 20.04
Web server:
Apache 2.4.58
Database:
MariaDB 10
PHP version:
PHP 8.2
Nextcloud version:
27.1.6
Version of the officeonline app
2.1.0
Version of Office Online server
latest
Logs
Nextcloud log (data/nextcloud.log)
{"reqId":"2cp28s7Nyin0S1XzLGLM","level":3,"time":"2024-02-16T14:02:42+00:00","remoteAddr":"XX.XX.XX.XX","user":"--","app":"PHP","method":"GET","url":"/index.php/apps/officeonline/public?shareToken=kjddET7BcZn2Lds&fileName=test.docx","message":"Undefined array key \"urlsrc\" at /var/www/html/apps/officeonline/templates/documents.php#6","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0","version":"27.1.6.2","data":{"app":"PHP"},"id":"65cfc4ewb7614"}
{"reqId":"2cp28s7Nyin0S1XzLGLM","level":3,"time":"2024-02-16T14:02:42+00:00","remoteAddr":"XX.XX.XX.XX","user":"--","app":"PHP","method":"GET","url":"/index.php/apps/officeonline/public?shareToken=kjddET7BcZn2Lds&fileName=test.docx","message":"Undefined array key \"token\" at /var/www/html/apps/officeonline/templates/documents.php#5","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0","version":"27.1.6.2","data":{"app":"PHP"},"id":"65cfc4ewb7614"}
Browser log
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob:". Either the 'unsafe-inline' keyword, a hash ('sha256-PB66qjjzQ+aHxDwre34rw49qQh7Nms3AfvueD2Z2Y='), or a nonce ('nonce-...') is required to enable inline execution.
Proxying an event bus of version 3.1.0 with 1.1.4
POST /index.php/apps/officeonline/undefinedWOPISrc=https%3A%2F%2Fcloud.mydomain.de%2Findex.php%2Fapps%2Fofficeonline%2Fwopi%2Ffiles%2Fundefined&title=undefined&lang=de&closebutton=1&revisionhistory=1 404 (Not Found)
Same here
Same here! App is broken after the update π
I cannot reproduce that. Could you check your configured office server url and try to save it again to see if that makes a difference?
Same problem. The config has a green check and says all is ok.
But if I try to open a file the 404 is there.
I downgraded the app and now it is working. After updating again the error appears again.
in the browser log I see the undefined again:
POST /index.php/apps/officeonline/undefinedWOPISrc=https%3A%2F%
Same problem here
Docs cannot be opened if shared by public link
Docs shared to user internally opens with no problem
Downgrade to 2.0.3 resolved issue for us
Same problem, but only in edge.
In firefox & chrome works great.
In edge i see this in "inspect" - "console" tab:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
Some problem with Edge,Opera
Please fix it faster!
You can downgrade to the old version.
Uninstall and delete the app (via web interface) and manually put the old version in the apps folder. Then simply activate it via the web interface. In my 27.1.6 itβs working with this trick. Now I wait for an update.
Are you also using v27.1.6? :)
Hi,
It seems that commenting line 384 in lib/Controller/DocumentController.php, which is allowInlineScripts(true) (all by memory, sorry) concerning the "public" function removes the error. The method does not exists anymore. I did not need to comment the other similar lines but this one "helps" for the public issue.
Hi,
It seems that commenting line 384 in lib/Controller/DocumentController.php, which is allowInlineScripts(true) (all by memory, sorry) concerning the "public" function removes the error. The method does not exists anymore. I did not need to comment the other similar lines but this one "helps" for the public issue.
Thank you for your support. I completely removed this part on line 384 and the problem with public links was solved π
$policy->allowInlineScript(true);
@juliushaertl is that a quick and good solution for us to publish a new version quickly? :)
At the moment we have a blocker and broken release
Thanks all for reporting and providing this additional insight. I will need to check this in further depth as for Nextcloud 28 the method was actually dropped and then there seems to be an issue with edge. I have an idea how to resolve that, just needs some more testing. For now, everyone on 27 and below can just add that line back which is a reasonable fix.
For people on 28, I'll drop a message here when I have a testable patch.
Follow up release will then happen as soon as possible of course as well.
Thank you very much @juliushaertl for your great work!
I pushed a fix for this in nextcloud/server#43778 but also a workaround for officeonline at 0e80d36
If anyone can help testing this, that would be highly appreciated.
You can apply the patch on top of the 2.1.0 release with the following commands:
cd apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
Tried the patch. It still doesnt work as it should.
In edge i get a 404 not found from the nextcloud instance.
I can try some more later this afternoon. I can only reach this system by teamviewer.
For me it is on both internal documents as well as external links
I pushed a fix for this in nextcloud/server#43778 but also a workaround for officeonline at 0e80d36
If anyone can help testing this, that would be highly appreciated.
You can apply the patch on top of the 2.1.0 release with the following commands:
cd apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
@juliushaertl The patch and the workaround did not work on its own. But with the patch to nextcloud core it does work.
Do you think it can be added to 28.0.3 ?
I pushed a fix for this in nextcloud/server#43778 but also a workaround for officeonline at 0e80d36
If anyone can help testing this, that would be highly appreciated.
You can apply the patch on top of the 2.1.0 release with the following commands:
cd apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < 0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
Hi Julius, I made the changes (but by hand, I had some fails with the patch) and hope I didn't miss anything. Here what I can tell:
- public view/edition works
- Edge view/edition works as well
Empty docx and pptx at least cannot be edited (which was possible with just the line commented). This bug started with NC28 and might be related
It looks like pretty promising!
I also want to mention that there is another "old" allowInlineScript in lib/DirectEditing/DirectEditor.php.
I used the new line but I don't know if it's a good idea and it does not solve the empy docs issue.
Thanks ! That might be just because DocumentController.php was not the original because I commented lines.
And I don't have any issue anymore on empty docs... So as far I can tell, everything seems to work concerning this issue for me.
Edit : at least on NC 28.0.2 with officeonline 2.1.0
I have updated our system to 28.0.3 to see if problem will be resolved but still the same problem "Error 404 The page could not be found on the server."
then I have noticed that system overview says "Some files have not passed the integrity check. [List of invalid files]
which returns below
[officeonline] => Array
(
[INVALID_HASH] => Array
(
[lib/Controller/DocumentController.php] => Array
(
[expected] => aeb04d44bd8c1b37cc3fbd8f9cc2dc643f49097b8aabb20ae8cbbd4211fff62926431e7704b658306a5d5c8f9871d4af65ad6639c356c29d8e3f667faae7f356
[current] => 7cbd181a30bc3a0b78abccdfff2ff94c34cb838b7555dc85497caa7293c9b63c4b351ceea96f8d7aed83c3f2275440cfc53cc1aa59d860c2899efa429cdad315
and below one (but I am not sure if it is related with office online integration or not)
"Your webserver does not serve .mjs
files using the JavaScript MIME type. This will break some apps by preventing browsers from executing the JavaScript files. You should configure your webserver to serve .mjs
files with either the text/javascript
or application/javascript
MIME type."
Now I had to switch back to 27.1.6 where everything is working fine.
note. I have tried the office patched but nothing changed.
I patched this file 0e80d36 in my 27.1.7 install but nothing changed. Error 404 again. :(
Now I updated to 28.0.3 but the same error appears with this fix.
Downgrade to 27.0.1 and old version of OfficeOnline.
Seems like you still need the nextcloud server patch AND you need the patch for office online. There is no possibility to patch just one part. I have not tested with 28.0.3 and after checking the patch for nextcloud server itself is not in 28.0.3. So to get 28.0.3 apply the server patch and the office online patch.
how do you patch the nextcloud core?
here is what I have done
cd /var/www/nextcloud/apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < 0e80d36.patch
Unfortunately, we have the same problem with our 27.1.7.
Patch or downgrade to version 2.0.3 does not work. An upgrade of nextcloud to 28 is not possible, because of incompatible apps. At this time we can only use Google Chrome. (We install the nextcloud update from 27.1.5 to 27.1.7 on saturday with already installed 2.1.0. At this time it works. Unfortunately, we only noticed the bug today. Reverting to an old backup is now only possible with data loss)
Unfortunately, we have the same problem with our 27.1.7. Patch or downgrade to version 2.0.3 does not work. An upgrade of nextcloud to 28 is not possible, because of incompatible apps. At this time we can only use Google Chrome. (We install the nextcloud update from 27.1.5 to 27.1.7 on saturday with already installed 2.1.0. At this time it works. Unfortunately, we only noticed the bug today. Reverting to an old backup is now only possible with data loss)
There might be a possibilty to check whats needed to get it to work in 27.1.7. @Misu4 What apps are keeping you from going to 28.0.3?
Unfortunately, we have the same problem with our 27.1.7. Patch or downgrade to version 2.0.3 does not work. An upgrade of nextcloud to 28 is not possible, because of incompatible apps. At this time we can only use Google Chrome. (We install the nextcloud update from 27.1.5 to 27.1.7 on saturday with already installed 2.1.0. At this time it works. Unfortunately, we only noticed the bug today. Reverting to an old backup is now only possible with data loss)
There might be a possibilty to check whats needed to get it to work in 27.1.7. @Misu4 What apps are keeping you from going to 28.0.3?
We use the markdown editor, the metadata addon and the heic image converter. Important is the markdown editor.
Is there a solution for the next NextCloud update to 28.0.4 that we can finally use again?
Unfortunately, I don't know what we're waiting for at the moment.
Thanks
I assume we are waiting for developers to have some spare time to fix the issue for the benefit of affected community =)
Any info on the Nextcloud core patch mentioned above ? , I want to try the fix while waiting for Nextcloud 28.0.4 to be released , also any news if the fix will be in next version of Office Online app and when that will be ?
Any info on the Nextcloud core patch mentioned above ? , I want to try the fix while waiting for Nextcloud 28.0.4 to be released , also any news if the fix will be in next version of Office Online app and when that will be ?
cd apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < 0e80d36.patch
You need those three @robake1
Any info on the Nextcloud core patch mentioned above ? , I want to try the fix while waiting for Nextcloud 28.0.4 to be released , also any news if the fix will be in next version of Office Online app and when that will be ?
cd apps/officeonline wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch patch -p1 < 0e80d36.patch
You need those three @robake1
Thanks for the answer @small1 , will look at those . A bit new on Github to find the files for each but will try it :)
Anyone tested this version in 28.0.4?
Is it working now?
Or is it needed to change the file 0e80d36 ?
I havent tried it yet but changelog says that
nextcloud/server#43778 is fixed
So i assume if you do 0e80d36 by
sudo nano /var/www/nextcloud/apps/officeonline/lib/Controller/DocumentController.php
and office online patch it should work by
cd /var/www/nextcloud/apps/officeonline
wget https://github.com/nextcloud/officeonline/pull/526/commits/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
patch -p1 < https://github.com/nextcloud/officeonline/commit/0e80d3664660c7a7e1adb5c345082bc3307bdaba.patch
let us know if any of you give it a try
Short feedback: I updated my instance to 28.0.4 and without touching a file it is working. I can open and create new files π
Using
.\update.sh to update version 28.0.4 solved our issue
Without change any files it is working but my Log is spammed:
Exception
Call to undefined method OCP\AppFramework\Http\ContentSecurityPolicy::allowInlineScript() in file
'/var/www/nextcloud/apps/officeonline/lib/Controller/DocumentController.php' line 384
Ok I patched the file 0e80d36 because shares not working. Now it works fine! π
@juliushaertl can you create a new version of this app, please? With 28.0.4 and the patched file it works fine.
Thank you very much