Loading.. bug/error

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • anlicor
    Junior Member
    • Feb 2018
    • 3
    #1

    Loading.. bug/error

    On a fresh install we cannot create any users, calls accounts etc...
    For all tasks that require the creation of a record it just gets stuck at Loading...

    Any idea on how to solve this?

    Chrome console says:

    This page includes a password or credit card input in a non-secure context. A warning has been added to the URL bar. For more information, see https://goo.gl/zmWq3m.
    /client/src/views/fields/varchar.js?r=1518717397 Failed to load resource: the server responded with a status of 406 (Not Acceptable)
    espo.min.js?r=1518717397:17 Uncaught Error: Could not load file 'client/src/views/fields/varchar.js?r=1518717397'
    at Object.error (espo.min.js?r=1518717397:17)
    at j (espo.min.js?r=1518717397:3)
    at Object.fireWith [as rejectWith] (espo.min.js?r=1518717397:3)
    at x (espo.min.js?r=1518717397:4)
    at XMLHttpRequest.<anonymous> (espo.min.js?r=1518717397:4)
    Tags: None
    • yuri
      EspoCRM product developer
      • Mar 2014
      • 9495
      #2
      Seems you have some security configuration not allowing some request to be sent.
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

        Comment

        • KevinK
          #2.1
          KevinK commented
          02-16-2018, 12:34 AM
          Editing a comment
          where would this security setting/config be ?
        • anlicor
          Junior Member
          • Feb 2018
          • 3
          #3
          On this particular configuration, wordpress, joomla, drupal, zurmo and other cms and erp work without issue.
          I don't see any error logs on the server itself just the js error in chrome.

          Error: Could not load file 'client/src/views/fields/varchar.js?r=1518758250'
          What specifically could be causing this?
          Last edited by anlicor; 02-16-2018, 05:44 AM.

            Comment

            • tanya
              #3.1
              tanya commented
              02-16-2018, 12:51 PM
              Editing a comment
              Check permission, please
              if file client/src/views/fields/varchar.js exists, but couldn't be loaded, seams this file is not readable for server user
            • yuri
              EspoCRM product developer
              • Mar 2014
              • 9495
              #4
              The culprit can be in htaccess file of wordpress, joomla, drupal or in separate htaccess file.
              If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

                Comment

                • anlicor
                  Junior Member
                  • Feb 2018
                  • 3
                  #5
                  This is the .htaccess file for the associated account:

                  <ifModule mod_headers.c>
                  Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
                  </ifModule>

                  DirectoryIndex index.php index.html

                  <IfModule mod_rewrite.c>
                  RewriteEngine On

                  # PROTECTED DIRECTORIES
                  RewriteCond %{REQUEST_FILENAME} -d
                  RewriteRule ^/?(data|api)/ - [F]

                  RewriteRule ^/?data/config\.php$ - [F]
                  RewriteRule ^/?data/logs/ - [F]
                  RewriteRule ^/?data/cache/ - [F]
                  RewriteRule ^/?data/upload/ - [F]
                  RewriteRule ^/?data/\.backup/ - [F]
                  RewriteRule ^/?application/ - [F]
                  RewriteRule ^/?custom/ - [F]
                  RewriteRule ^/?vendor/ - [F]
                  #END PROTECTED DIRECTORIES

                  RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]

                  RewriteRule reset/?$ reset.html [QSA,L]
                  </IfModule>
                  See any issues?

                    Comment

                    • luisgflores
                      Junior Member
                      • Aug 2018
                      • 1
                      #6
                      In my case it turned out to be Apache's ModSecurity blocking SQL injection attempts.

                      This is what I found on the Apache error log:

                      [Thu Aug 02 12:10:40.150882 2018] [:error] [pid 15334:tid 139847905761024] [client x.x.x.x:33353] [client x.x.x.x] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(??:s(?:elect\\\\b(?:.{1,100}?\\\\b(??:length|count|top)\\\\b.{1,100}?\\\\bfrom|from\\\ \b.{1,100}?\\\\bwhere)|.*?\\\\b(?:d(?:ump\\\\b.*\\ \\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_( ??:addextendedpro|sqlexe)c|(?acreat|prepar)e|execute(?:sql)?|makewebt ..." at REQUEST_FILENAME. [file "/etc/apache2/conf.d/imh-modsec/05_additional_directives.conf"] [line "38"] [id "950001"] [msg "SQL Injection Attack"] [data "varchar"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "crm.xxxxxxx.com"] [uri "/client/src/views/fields/varchar.js"] [unique_id "W2M7EMifb1cOYrVibxVvnwAAAhU"], referer: http://crm.xxxxxxx.com/

                      So I had to comment out a section of file /etc/apache2/conf.d/imh-modsec/05_additional_directives.conf (id "950001") and restart Apache.

                      Yes, this leaves a security hole, but my coding skills are not good enough to suggest a permanent in-code fix (If it is indeed possible). Maybe developers can look into it?

                      Hope this is still useful

                        Comment

                        Previous template Next
                        Working...