Comments (10)
Hi. does this also happen when you don't use stackblitz? (e.g. local development) i have a theory that it happens because in stackblitz the app runs inside of an iframe
from uppy.
@mifi yes it happens in local development, stackblitz and in production. I forgot to mention I am also using Cloudflare with DNS proxy
from uppy.
ok thanks for clearing that up.
- Does it happen in all browsers for you?
- Do you mean that you're using cloudflare with DNS proxy in front of Companion or for the Uppy static code?
- If so, does it happen if you by-pass cloudflare and connect directly to companion?
- Does cloudflare forward all headers from companion?
- Does it happen if you run Companion on localhost and connect to it using local Uppy?
Where is Companion hosted? I don't know how your stackblitz can possibly work because it uses https://example.com/companion
I think it could be related to #4107
from uppy.
also have you set a Cross-Origin-Opener-Policy
header?
from uppy.
I can see that Cross-Origin-Opener-Policy: same-origin
does get set when running from StackBlitz. So it won't work there.
Having a Cross-Origin-Opener-Policy header with a value of same-origin prevents setting opener. Since the new window is loaded in a different browsing context, it won't have a reference to the opening window.
from https://developer.mozilla.org/en-US/docs/Web/API/Window/opener
Are you setting that header when testing locally and in production?
from uppy.
- Error happens in Chrome/Incognito and Firefox
- Cloudflare with DNS proxy in front of Both companion and uppy static code.
- Turning off Cloudlfare DNS proxy causes
net::ERR_CERT_AUTHORITY_INVALID
when Uppy code communicates with the companion server - Headers are pasted as above. I'm unsure how to examine this further
- Just reproduced the error running Companion on localhost and connecting to it using local Uppy
- Yes, in production you can see
add_header Cross-Origin-Opener-Policy 'unsafe-none' always;
in my nginx config pasted above. I haven't tested that locally. Should companion do that by default?
from uppy.
Are the Uppy web-app static files hosted in nginx also (the configuration above)? If not, can you check whether the request to get the webapp HTML has a Cross-Origin-Opener-Policy
header in the response? (for example using chrome developer tools Network tab)
from uppy.
No they are hosted by Vercel, or locally in Nuxt3 Nitro server. example.com is a redaction. All headers were being sent.
I think I solved it, the problem was the nuxt-security module I am using:
security: {
nonce: true,
corsHandler: {
origin: process.env.AUTH_BASE_URL,
methods: "*",
},
headers: {
crossOriginEmbedderPolicy: false,
contentSecurityPolicy: {
"script-src-attr": ["'unsafe-hashes'", "'unsafe-inline'"],
"img-src": false, //["'self'", 'data:'],
"script-src": [
"'self'",
"https:",
"'unsafe-inline'",
"'strict-dynamic'",
"'nonce-{{nonce}}'",
"'unsafe-eval'",
],
},
},
},
The stackblitz same-origin
must have been confounding my tests with the Uppy vue template. Thanks for your time @mifi
from uppy.
alright, so Cross-Origin-Opener-Policy: same-origin
was the problem, and we close this? I think we should provide a better error message (not just a blank page)
from uppy.
Yes that was the problem. I'll close the issue
from uppy.
Related Issues (20)
- Tus endpoint not being respected after initial request behind reverse proxy HOT 9
- i18n "Shared with me" etc HOT 1
- Allow streaming upload also for unknown length streams HOT 1
- @uppy/companion: include origin in dynamic customer credentials
- Using Vue2 to integrate uppy caused a strange mistake HOT 2
- aws-nodejs-example | Multipart complete api | Throws 400 bad requests. HOT 5
- title.value is not accessible inside uppy.upload in vue HOT 1
- I get this error "ResizeObserver loop completed with undelivered notifications" when I set width and height 100% in Angular HOT 5
- Fix TypeScript sins HOT 5
- v4: typescript error for `uppy.setFileState()`
- Typescript error for 'new Uppy().use(AwsS3, {})' HOT 2
- XHR plugin expects upload response to be a valid JSON HOT 8
- companionAllowedHosts is not implemented in RemoteSources preset
- Uppy companion server error HOT 4
- Uppy 4.0.5 error HOT 5
- getTemporarySecurityCredentials() docs for S3 missing
- `Complete` event is not fired if one or more files are removed before they are uploaded using XHRUpload
- ThumbnailGenerator: Failed to execute 'createObjectURL' on 'URL': Overload resolution failed.
- Paste from clipboard support on Drag & Drop module HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uppy.