Error with Profile Pictures & Favicon

therealsujitk

Dovah Actually, I've just taken a look at your site, and I don't think it's a problem with permissions. I think it's because something in the server is disabled. Maybe OverrideAll is missing or mod_rewrite is disabled. Someone else should be able to help you with this.

Dovah

therealsujitk Where would I be checking for "OverrideAll" or "mod_rewrite?" What file or setting on the website?

clarkwinkelmann

Can you give us details on your hosting ? Shared/VPS? Apache/nginx?

Did you manually import data into your forum or is it a fresh forum started with Flarum from the beginning?

Did the avatars stop appearing after a manipulation on your part, or did they suddenly disappear without reason?

Dovah

clarkwinkelmann I use ExtraVM to host the site. I suppose it's a VPS? Not entirely sure. I manually imported all of the data into the Terminal (access via cPanel) I can connect with FTP as well to manage stuff that way. Unsure if I can change folder permissions (though more likely just not sure how).

Everything stopped working after I installed extensions and ran a verify check cause everything else wasn't displaying correctly. Here's an old screenshot to explain what I mean:
Think I ran php flarum migrate which fixed that, but then broke profile pictures and havicon.

Dovah

Double checked permissions and all folders are 0755.

[deleted]

Dovah Your CORS policy prevents the loading of all images - this is where your problem lies

Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/5BQB7WG4jBacxN95.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

(index):1 Refused to load the image 'http://mctve.com/public/assets/avatars/mLVsMb6PozVrBXhB.png' because it violates the following Content Security Policy directive: "img-src https: data:".

Dovah

[deleted] How do I go about fixing this?

[deleted]

Dovah can you post either your.htaccess or nginx.conf file ?

Dovah

[deleted] Here's the .htaccess file: https://paste.ofcode.org/37VeUa3mf8S93EdWvUCtfJz

[deleted]

Dovah thanks. There's nothing there that relates to CORS - I didn't expect it either to be honest. Is this a shared host ? If so, it's worth contacting your ISP to ask them if CORS graders are being implemented as part of any security package.

clarkwinkelmann

To clarify in case this was necessary or for other readers, the problem here is the presence of the following header being returned by the server:

Content-Security-Policy: img-src https: data:

This header could have been added by a Flarum extension (but I don't know any that would do that), in the apache/nginx config (but none was found above) or by some other program, configuration or proxy on the webserver as suggested by [deleted]

Dovah

[deleted]

clarkwinkelmann
Thanks to you both for assisting. I contacted my host, who helped me a bit further, and I got https working correctly, which fixed the main issue of images/favicons not loading. But, now - whenever I visit a page, profile, thread/post, it shows this in the bottom left:

Reloading the page a couple of times fixes it (more so, finally loads what it's supposed to load) Any ideas for this?

[deleted]

Dovah there should be something in the logs for this which you can find at <flarum root>/storage/logs

Dovah

[deleted] None of the log files have been modified since February :/

[deleted]

Dovah odd. Can you try modifying your config.php file so that debug is set to true ? This should at least provide a debug link you can click on when the error message is generated to give you an idea of the issue

Dovah

[deleted] Yep, tested it - and as @clarkwinkelmann said, it is an issue with LiteSpeed. Resetting my .htaccess to default and then re-modifying to my needs worked and fixed the issue.

clarkwinkelmann

The 404 error is returned by LiteSpeed, not Flarum. You need to make sure calls to /api/ are properly handled by Flarum. This should happen by default with the provided htaccess.

A common case for this error is people who copied rules from older tutorials and have a rule for api => api.php. This needs to be removed. All requests are now handled by index.php.

Here's what the default htaccess looks like for beta 13 https://github.com/flarum/flarum/blob/v0.1.0-beta.13/public/.htaccess