Error 403 when using gallery feature on elFinder (Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.) #66

Closed
diereysaa opened this issue Jan 15, 2025 · 7 comments

@diereysaa

Hi,
I'm opening this thread even though similar issues were solved here and here.

When I try to open the gallery on my project, it shows a 403 with the main project window:
image

The HTTP request is
https://***/admin/elfinder/popup/featured_image_select and that returns a 403.

Also, we're seeing

[2025-01-15 19:55:34] staging.ERROR: Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.

on the logs.

We have the latest backpack versions on the server:

backpack/basset                               1.3.6   Dead-simple way to load CSS or JS assets only once per page, when using Laravel 10+.
backpack/crud                                 6.7.47  Quickly build admin interfaces using Laravel, Bootstrap and JavaScript.
backpack/filemanager                          3.0.10  Backpack admin interface for files and folder, using elFinder
backpack/generators                           4.0.7   Generate files for laravel projects
backpack/permissionmanager                    7.2.1   Users and permissions management interface for Laravel 5 using Backpack CRUD.
backpack/pro                                  2.2.31  Operations, Fields, Columns, Filters and Widgets for not-so-simple admin panels.
backpack/theme-coreuiv4                       1.1.5   UI for Backpack v6 that uses CoreUI v4 and Bootstrap v5.
backpack/theme-tabler                         1.2.17  UI for Backpack v6 that uses Tabler and Bootstrap v5.

The field that launches the gallery popup is this:

        CRUD::field([   // Browse
            'name'  => 'featured_image_select',
            'label' => 'Seleccionar imagen',
            'type'  => 'browse-custom',
            'wrapper' => ['class' => 'form-group col-md-6'],
        ]);

Note: I've even tried with 'type' => 'browse' but the results are the same.

I even tried to set up the default filemanager, and it works just fine for uploads, browsing, etc...
image

Could it be a folders permission issue? (I'm asking this because on another server the gallery was working fine)

I think it's important to mention that our project is using laravel multidomain as well (gecche/laravel-multidomain 11.1)

Thanks in advance.

@pxpm
Contributor

pxpm commented Jan 16, 2025

Hello @diereysaa

I see you are using a browse-custom field type. Please read the info on the issues you linked, there you have the explanation of what you need to change in your custom field so it can work with Backpack.

It should be straightforward, you do the changes and it will work as previously.

Let us know 👍

@diereysaa
Author

Hi @pxpm thanks for the prompt response.

I believe you've missed the part where I say:

Image

In other words, I'm actually using the default, built-in field type, and still facing the same result.

The request URL is:
https://***/admin/elfinder/popup/featured_image_select?mimes=eyJpdiI6ImpuTzJhT2l5ZFVlVDBOR01xdlFSRFE9PSIsInZhbHVlIjoiNDE5em5Kd0xOWi9yRituWmlRY1BrQT09IiwibWFjIjoiN2Y3YmI2NDdiZGEwYjJlYzdjMDJiYjJlZTE2ZjNlMjRlY2MzMmNmODA0ZjgzYTI1OWRlMWJmZmNmZmI4MmM5ZSIsInRhZyI6IiJ9/featured_image_select

Also, I have all packages up-to-date, got Backpack PRO as well.
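
Added example, not part of the thread and not Backpack's code: the `mimes` value in the request URL above base64-decodes to a JSON object with `iv`, `value`, `mac` and `tag` keys (the envelope Laravel's encrypter emits), and in that URL it is followed by `/featured_image_select`. The Python check below, run on a constructed token and a placeholder host, reports whether such a parameter is still a well-formed envelope. The function names are hypothetical, and the MAC itself is not verified because that needs the application key.

```python
import base64
import json
from urllib.parse import parse_qs, quote, urlsplit


def envelope_problems(token):
    """List structural problems in an encrypted-parameter token; [] means well formed."""
    try:
        payload = json.loads(base64.b64decode(token, validate=True))
    except ValueError as exc:  # binascii.Error and JSONDecodeError are ValueErrors
        return [f"not strict base64 wrapping JSON: {exc}"]
    if not isinstance(payload, dict):
        return ["decoded JSON is not an object"]
    problems = [f"missing or non-string field: {key}" for key in ("iv", "value", "mac")
                if not isinstance(payload.get(key), str)]
    if problems:
        return problems
    try:
        if len(base64.b64decode(payload["iv"], validate=True)) != 16:
            problems.append("iv is not 16 bytes (AES block size)")
    except ValueError:
        problems.append("iv is not base64")
    if len(payload["mac"]) != 64 or not set(payload["mac"]) <= set("0123456789abcdef"):
        problems.append("mac is not a 64-character hex digest")
    return problems


def check_popup_url(url, param="mimes"):
    """Pull one query parameter out of a popup URL and validate its envelope."""
    values = parse_qs(urlsplit(url).query).get(param)
    return envelope_problems(values[0]) if values else [f"no {param} parameter"]


def build_sample_token(iv_len=16):
    """Constructed sample with the same four keys; filler bytes, not real ciphertext."""
    body = {"iv": base64.b64encode(bytes(iv_len)).decode(),
            "value": base64.b64encode(b"\x01" * 16).decode(),
            "mac": "ab" * 32, "tag": ""}
    return base64.b64encode(json.dumps(body).encode()).decode()


# Placeholder host, constructed token. The second URL repeats the field name after
# the token, which is the shape of the request URL posted in the comment above.
BASE = "https://admin.example.test/admin/elfinder/popup/featured_image_select?mimes="
SAMPLE_OK_URL = BASE + quote(build_sample_token(), safe="")
SAMPLE_SUFFIXED_URL = SAMPLE_OK_URL + "/featured_image_select"

if __name__ == "__main__":
    print(check_popup_url(SAMPLE_OK_URL), check_popup_url(SAMPLE_SUFFIXED_URL))
```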

@diereysaa
Author

diereysaa commented Jan 16, 2025

UPDATE:

If I use

           'type'  => 'browse_multiple',

it works with no issue:

Image

But this gives the user the option to select several files (images) and returns an array of URLs, and we only need one single URL

🤷🏻‍♂️

@diereysaa
Author

diereysaa commented Jan 16, 2025

UPDATE 2:

I've fixed the issue by updating the field type:

        CRUD::field([   // Browse
            'name'  => 'featured_image_select',
            'label' => 'Seleccionar imagen',
            'type'  => 'browse_multiple',
            'mime_types' => ['image'],
            'multiple'   => false,
            'wrapper' => ['class' => 'form-group col-md-6'],
        ]);

But that feels like a hack, because we're using a field designed to allow multiple files, while forcing it to allow one single file.

I'm clearly doing something wrong, but at least with this "hack" it works as we need it.

@karandatwani92

Hey @diereysaa

I just tested it and faced the same; I solved it by removing old js assets:

php artisan basset:clear

Feel free to reopen if it doesn't work for you.

@zenkarsha

> Hey @diereysaa
>
> I just tested it and faced the same; I solved it by removing old js assets:
>
> php artisan basset:clear
>
> Feel free to reopen if it doesn't work for you.

Facing the same issue, but php artisan basset:clear does not work for me.

@pxpm
Contributor

pxpm commented Jan 24, 2025

If you have browse or browse_multiple fields (or a custom derived from them) published in your resources/views folder you need to do some code updates, please check the referenced issue where I provide the needed code changes.

Cheers
