Loading.. bug/error

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • anlicor
    Junior Member
    • Feb 2018
    • 3

    Loading.. bug/error

    On a fresh install we cannot create any users, calls accounts etc...
    For all tasks that require the creation of a record it just gets stuck at Loading...

    Any idea on how to solve this?

    Chrome console says:

    This page includes a password or credit card input in a non-secure context. A warning has been added to the URL bar. For more information, see https://goo.gl/zmWq3m.
    /client/src/views/fields/varchar.js?r=1518717397 Failed to load resource: the server responded with a status of 406 (Not Acceptable)
    espo.min.js?r=1518717397:17 Uncaught Error: Could not load file 'client/src/views/fields/varchar.js?r=1518717397'
    at Object.error (espo.min.js?r=1518717397:17)
    at j (espo.min.js?r=1518717397:3)
    at Object.fireWith [as rejectWith] (espo.min.js?r=1518717397:3)
    at x (espo.min.js?r=1518717397:4)
    at XMLHttpRequest.<anonymous> (espo.min.js?r=1518717397:4)
  • yuri
    Member
    • Mar 2014
    • 8440

    #2
    Seems you have some security configuration not allowing some request to be sent.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment


    • KevinK
      KevinK commented
      Editing a comment
      where would this security setting/config be ?
  • anlicor
    Junior Member
    • Feb 2018
    • 3

    #3
    On this particular configuration, wordpress, joomla, drupal, zurmo and other cms and erp work without issue.
    I don't see any error logs on the server itself just the js error in chrome.

    Error: Could not load file 'client/src/views/fields/varchar.js?r=1518758250'
    What specifically could be causing this?
    Last edited by anlicor; 02-16-2018, 05:44 AM.

    Comment


    • tanya
      tanya commented
      Editing a comment
      Check permission, please
      if file client/src/views/fields/varchar.js exists, but couldn't be loaded, seams this file is not readable for server user
  • yuri
    Member
    • Mar 2014
    • 8440

    #4
    The culprit can be in htaccess file of wordpress, joomla, drupal or in separate htaccess file.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment

    • anlicor
      Junior Member
      • Feb 2018
      • 3

      #5
      This is the .htaccess file for the associated account:

      <ifModule mod_headers.c>
      Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
      </ifModule>

      DirectoryIndex index.php index.html

      <IfModule mod_rewrite.c>
      RewriteEngine On

      # PROTECTED DIRECTORIES
      RewriteCond %{REQUEST_FILENAME} -d
      RewriteRule ^/?(data|api)/ - [F]

      RewriteRule ^/?data/config\.php$ - [F]
      RewriteRule ^/?data/logs/ - [F]
      RewriteRule ^/?data/cache/ - [F]
      RewriteRule ^/?data/upload/ - [F]
      RewriteRule ^/?data/\.backup/ - [F]
      RewriteRule ^/?application/ - [F]
      RewriteRule ^/?custom/ - [F]
      RewriteRule ^/?vendor/ - [F]
      #END PROTECTED DIRECTORIES

      RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]

      RewriteRule reset/?$ reset.html [QSA,L]
      </IfModule>
      See any issues?

      Comment

      • luisgflores
        Junior Member
        • Aug 2018
        • 1

        #6
        In my case it turned out to be Apache's ModSecurity blocking SQL injection attempts.

        This is what I found on the Apache error log:

        [Thu Aug 02 12:10:40.150882 2018] [:error] [pid 15334:tid 139847905761024] [client x.x.x.x:33353] [client x.x.x.x] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(??:s(?:elect\\\\b(?:.{1,100}?\\\\b(??:length|count|top)\\\\b.{1,100}?\\\\bfrom|from\\\ \b.{1,100}?\\\\bwhere)|.*?\\\\b(?:d(?:ump\\\\b.*\\ \\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_( ??:addextendedpro|sqlexe)c|(?acreat|prepar)e|execute(?:sql)?|makewebt ..." at REQUEST_FILENAME. [file "/etc/apache2/conf.d/imh-modsec/05_additional_directives.conf"] [line "38"] [id "950001"] [msg "SQL Injection Attack"] [data "varchar"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "crm.xxxxxxx.com"] [uri "/client/src/views/fields/varchar.js"] [unique_id "W2M7EMifb1cOYrVibxVvnwAAAhU"], referer: http://crm.xxxxxxx.com/

        So I had to comment out a section of file /etc/apache2/conf.d/imh-modsec/05_additional_directives.conf (id "950001") and restart Apache.

        Yes, this leaves a security hole, but my coding skills are not good enough to suggest a permanent in-code fix (If it is indeed possible). Maybe developers can look into it?

        Hope this is still useful

        Comment

        Working...