[Archivesspace_Users_Group] Error on v2.5.0 PUI print PDF

Stephen Innes s.innes at auckland.ac.nz
Thu Aug 16 21:30:31 EDT 2018


Blake, thank you.

We tried adding into the NGIX config the following

add_header 'Referrer-Policy' 'origin-when-cross-origin';

But this hasn't solved the problem.



Stephen Innes



-----Original Message-----
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> On Behalf Of Blake Carver
Sent: Friday, 17 August 2018 12:20 PM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: [FORGED] Re: [Archivesspace_Users_Group] Error on v2.5.0 PUI print PDF

"Referrer Policy:origin-when-cross-origin"

I think that's it right there. I wish I could remember the details, but I've seen this before, there's something in one of the URLs being served that's breaking the cross origin rules. If I remember right, the counsel did show some errors and one of them had a localhost or something in a URL being served.


________________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Stephen Innes <s.innes at auckland.ac.nz>
Sent: Thursday, August 16, 2018 7:58:09 PM
To: Archivesspace Users Group
Subject: Re: [Archivesspace_Users_Group] Error on v2.5.0 PUI print PDF

Blake,

No other errors other than the 422 error returned by the server.

General
Request URL:https://archives.library.test.auckland.ac.nz/repositories/2/resources/270/pdf
Request Method:POST
Status Code:422 Unprocessable Entity
Remote Address:130.216.14.106:443
Referrer Policy:origin-when-cross-origin

We do, however, have a Varnish caching server also running as well. But not sure if this has anything to do with the printing problem.

Response Headers
Accept-Ranges:bytes
Age:0
Connection:keep-alive
Content-Length:386
Content-Type:text/html; charset=iso-8859-1 Date:Thu, 16 Aug 2018 23:33:14 GMT
Server:Apache/2.4.29 (Unix)
Strict-Transport-Security:max-age=31536000
Via:1.1 varnish
X-Varnish:542914328
X-Webroute-Cache:MISS
X-Webroute-Cache-Reason:Cookie

Regards,

Stephen Innes


-----Original Message-----
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> On Behalf Of Blake Carver
Sent: Friday, 17 August 2018 10:00 AM
To: 'archivesspace_users_group at lyralists.lyrasis.org' <archivesspace_users_group at lyralists.lyrasis.org>
Subject: [FORGED] Re: [Archivesspace_Users_Group] Error on v2.5.0 PUI print PDF

Do you see any errors in the Chrome Dev Tools Counsel when you hit that page?



________________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Stephen Innes <s.innes at auckland.ac.nz>
Sent: Thursday, August 16, 2018 5:08:04 PM
To: 'archivesspace_users_group at lyralists.lyrasis.org'
Subject: [Archivesspace_Users_Group] Error on v2.5.0 PUI print PDF

Dear Colleagues,

Does anyone have a solution to the problem we have encountered when implementing the AS PUI on a NGINX web server? In the test environment, we receive the attached error message when attempting to print any finding aid in Chrome or Safari browsers, although it works OK in Firefox.

Our technical staff have identified the probable cause as our use of NGINX, as opposed to the Apache webserver.

In the AS notes https://github.com/archivesspace/tech-docs/blob/master/provisioning/https.md#nginx, there are examples configuring Apache, but there is a “FIXME Need nginx documentation” note where the Nginx documentation should be.

Can someone provide us with the NGINX documentation and especially configurations to fix the printing issue?

I am including below an earlier thread related to the issue.

Thanks,



Stephen Innes (ALIANZA)
Special Collections Manager
General Library, Te Herenga Mātauranga Whānui The University of Auckland Private Bag 92019 Auckland 1142 New Zealand Telephone (649) 373-7599 ext. 88062
Website: http://www.library.auckland.ac.nz/about-us/collections/special-collections/general-library
Online exhibition: Special Collections First World War Centenary 2014-2018<http://www.specialcollections.auckland.ac.nz/ww1-centenary>


From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> On Behalf Of Majewski, Steven Dennis (sdm7g)
Sent: Saturday, 17 March 2018 3:29 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: [FORGED] Re: [Archivesspace_Users_Group] error on v2.2.0 PUI print PDF: InvalidAuthenticityToken



Just for the record: we were missing these two lines documented in README_HTTPS.md example in our apache config:

       RequestHeader set X-Forwarded-Proto "https"
       ProxyPreserveHost On


After adding those lines it appears to work properly.


— Steve M.


On Jan 23, 2018, at 5:46 PM, Majewski, Steven Dennis (sdm7g) <sdm7g at virginia.edu<mailto:sdm7g at virginia.edu>> wrote:


Also discovered that PDF print thru SSL proxy does work in Firefox after googling “authenticity token proxy ssl”
and seeing title of this Rails issue:

 CSRF protection prevents some webkit users from submitting forms · Issue #21948 · rails/rails<https://github.com/rails/rails/issues/21948>

I’ve been seeing the bug in Safari, and you’ve been seeing it in Chrome. Both, I believe, are webkit based.

Long discussion thread that I haven’t digested yet, so I’m not sure if that is the problem here.
That same google search brings up some other issues that may be related to not passing all of the headers thru proxy.

https://github.com/rails/rails/issues/22965


— Steve M.



On Jan 23, 2018, at 5:15 PM, Majewski, Steven Dennis (sdm7g) <sdm7g at virginia.edu<mailto:sdm7g at virginia.edu>> wrote:


Thanks. Yes: I’m still seeing the problem. No: no solution so far.
The fact that I was only seeing it on production limited my ability to debug.
Now that you’ve found it’s linked to SSL proxy, I will try to set up test machines to reproduce the problem.

— Steve.



On Jan 23, 2018, at 4:25 PM, Chelsea Lobdell <clobdel1 at swarthmore.edu<mailto:clobdel1 at swarthmore.edu>> wrote:

Update: we were able to identify that this error was happening only when running the application over SSL. Accessing the site over non-SSL allowed the print function to work.
- Chelsea

---------------
Chelsea Lobdell
Library Web Developer/ Swarthmore College clobdel1 at swarthmore.edu<mailto:clobdel1 at swarthmore.edu> / (610)690-6818

On Tue, Jan 23, 2018 at 3:45 PM, Chelsea Lobdell <clobdel1 at swarthmore.edu<mailto:clobdel1 at swarthmore.edu>> wrote:
Hi Aspace!
I saw this post on the user group but was not able to find the thread in my email so I apologize for replying off thread.
We are seeing this same error and we are running v.2.2.2 However, the error seems to be browser specific as it only happens in Chrome. Here's the log output:

Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
INFO: W, [2018-01-23T15:32:31.474750 #21127]  WARN -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] Can't verify CSRF token authenticity.

Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
INFO: I, [2018-01-23T15:32:31.478068 #21127]  INFO -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] Completed 422 Unprocessable Entity in 6ms

Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
INFO: F, [2018-01-23T15:32:31.485699 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9]

Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
INFO: F, [2018-01-23T15:32:31.486567 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

Jan 23, 2018 3:32:31 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
INFO: F, [2018-01-23T15:32:31.487220 #21127] FATAL -- : [e1415e7e-47c5-4776-893f-cb5a7b33a4d9]
Steve, were you ever able to find a solution for this? Has anybody else encountered this error when trying to print a PDF of a collection in Chrome?
Thanks,
Chelsea
---------------
Chelsea Lobdell
Library Web Developer/ Swarthmore College clobdel1 at swarthmore.edu<mailto:clobdel1 at swarthmore.edu> / (610)690-6818<tel:(610)%20690-6818>
_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group


More information about the Archivesspace_Users_Group mailing list