CORS problem regarding xmpp

ghose · July 2, 2021, 5:30am

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: 4.2.6
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : / yes
If yes, please explain:
changed .noho.st domain and moved converse app to im.personal.domain.tdl

Description of my issue

xmpp and converse app both worked fine (almost, because I had problem with xmpp-upload with my own domain, but worked fine with .noho.st domain) but I changed .noho.st domain recently and moved converse app to a personal subdomain.

I think this converse app moved is NOT the problem because using external clients (conversations android app) I can’t not log in either.

So I guess some nginx & metronome & dnsmasq missconfiguration is happening.

I did not manually change any file, but in browser console (F12) it fails to connect because of CORS policy (cross origin resource)

I have --force yunohost tools regen-conf for nginx and dnsmasq and metronome, and have reviewed logs but I’m not savvy enough to see there any valuable info

I have another app/services (nextcloud, wiki, …) all working fine (AFAIK).

Browser console message is similar to this (example):

cors console message

just changing my domains on ynh

I’ve read I need to manually allow this on my server, but I guess if this was working fine until recent changes then it should also work if I force configuration reset on those services… unless I reconfiguring (forced) the wrong services.

Please would anyone suggest any hint and try to solve it? I can’t use xmpp with my server right now with any client and or account I’ve tried.

edit: I’ve a valid letsencrypt certificate for all involved domains (as seen in webadmin and browser)

edit2:

ynh.domain.tld is my main domain (sso portal), users (user1@ynh.domain.tld) can log in xmpp server.

users using “user1@my_ynh.noho.st” (user1@im.domain.tld either) can’t log in.

im.domain.tld is where conversejs app is installed

Few days ago, before moving conversejs do new domain, I could log in with any of the users, and because user1@myynh.noho.st could use xmpp-upload withou issues then there was no problem, but now I can not use this login.
If I were able to solve xmpp-upload issue with ynh.domain.tld this would be a minor problem for my relatives

Thank you

ghose · July 11, 2021, 7:45am

Hi, please could anyone point me about the possible root cause of my problems? THANK YOU.

I would appreciate any hint in the direction I should search, I know you may not can provide personalized support to everyother dude around here

I guess is a particular problem to my instalation, because there’s no much info about issues with xmpp-upload in this forum (besides let’s encrypt renewals). Could be this a certificate issue?

Converstations client on android moans about "Unable to resolv host “xmpp-upload.ynh.domain.tld”: no address associated with host name.

Doing dig on xmpp-upload subdomain I got the same info than muc, pubsub etc. and text messaging works fine. So I guess xmpp-upload DNS is well configured.

I have not chage metronome and converse default settings (actually I forced configuration to defaults after some tests), and restart.

/var/log/metronome/metronome.log

Jul 11 08:14:07 xmpp-upload.ynh.domain.tld:http_upload	warn	Could not delete expired upload /var/xmpp-upload/ynh.domain.tld/upload/fgYOx9bEXKA21439/pantallazo_20210702_052119.png: /var/xmpp-upload/ynh.domain.tld/upload/fgYOx9bEXKA21439/pantallazo_20210702_052119.png: No such file or directory
Jul 11 08:14:13 ynh.domain.tld:stanza_optimizations	info	user@ynh.domain.tld/Conversations.wUQm signaling client is inactive filtering and queuing incoming stanzas
Jul 11 08:14:51 ynh.domain.tld:stanza_optimizations	info	kabra@ynh.kalabradas.club/Conversations.WqtK signaling client is inactive filtering and queuing incoming stanzas

/var/xmpp-upload/ynh.domain.tld/upload folder does actually exists on server

ls -la on /var/xmpp-upload/ynh.domain.tld/

drwxr-sr-x 10 metronome www-data 4096 Jul 11 08:14 upload

inside upload there are some few folders (named with some key-id like above described) with NO content at all. I guess they were created from failed uploads.

log from broswer session console (F12)

History

Content Security Policy: Este sitio (https://ynh.domain.tld) ten unha política Report-Only sen un URI de informe. CSP non bloqueará e non é posíbel que informe de violacións desta política.

Bloqueouse a solicitude Cross-Origin: a política «Same Origin» impide ler un recurso remoto en https://xmpp-upload.ynh.domain.tld/upload/UWq3isXYtYRb7647/Screenshot_file.png. (Razón: Non funcionou a solicitude CORS).

translated

Content Security Policy: This site (https://ynh.domain.tld) has a Report-Only policy without report URI. CSP will not block an it’s not possible to inform about fails to this policy.
Cross-Origin request blocked: Same-Origin policy forbids to read the remote resource at https://xmpp-upload.ynh.domain.tld/upload/UWq3isXYtYRb7647/Screenshot_file.png. (Reason: CORS request did not work).

It’d be nice to add pictures and sound records support for my family. Thank you any way

jarod5001 · July 11, 2021, 11:59am

I had similar problem with metronome service shutting down when I try to log in.
Searched for solutions without luck.
So I moved to nextcloud talk

ghose · July 12, 2021, 7:11am

thank you jarod5001

I will take in to consideration your “solution” if I can’t solve upload problem.

I’m also considering dendrite_ynh even it is NOT fully implemented yet.

system · August 11, 2021, 7:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.