Comments (12)
Oh really strange! I haven't seen this yet, so I have no idea from the top of my head. I'm not aware to do anything special. It doesn't use websockets, only a "plain old" http post request.
If you want to try without reverse proxy, you need to install the previous version. For some reason, enabling custom certificates broke it working in cleartext (although this flag is true).
If nothing can be seen in the logs, it might not even reach the server - is there any indication in the reverse proxy logs that the request hits the server at all? If not, this is quite hard to debug then. You would need to checkout the code and attach a debugger. I only have Android 9 and 11 devices here I think.
from android-client.
Thanks for the ideas, i will test and reply on monday.
from android-client.
Well, I tried version 0.5 to bypass the secure Communication restriction for access without reverse Proxy and it throws the same error. Version 0.4 fixed this Problem.
With v0.4 I am able to upload a document to 192.168.xxx.xxx:PORT via HTTP (no reverse Proxy). With Revers Proxy i get the stream connection error.
Therefore It's proven, that i am having some troubles with my reverse Proxy, though i am not sure, what. Same config is working for nextcloud e.x.
Are You Using TCP Streams or something like this?
Update
A POST with CURL via CLI is working. Seems like something in the APP is not compatible
from android-client.
Output from AndroidStudio, while debugging:
E/upload: Error uploading!
okhttp3.internal.http2.StreamResetException: stream was reset: NO_ERROR
at okhttp3.internal.http2.Http2Stream.checkOutNotClosed$okhttp(Http2Stream.kt:646)
at okhttp3.internal.http2.Http2Stream$FramingSink.flush(Http2Stream.kt:576)
at okio.ForwardingSink.flush(ForwardingSink.kt:32)
at okhttp3.internal.connection.Exchange$RequestBodySink.flush(Exchange.kt:228)
at okio.RealBufferedSink.flush(RealBufferedSink.kt:269)
at org.docspell.docspellshare.http.HttpRequest$1.writeTo(HttpRequest.java:139)
at okhttp3.MultipartBody.writeOrCountBytes(MultipartBody.kt:157)
at okhttp3.MultipartBody.writeTo(MultipartBody.kt:93)
at okhttp3.internal.http.CallServerInterceptor.intercept(CallServerInterceptor.kt:59)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:34)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at org.docspell.docspellshare.http.HttpRequest.execute(HttpRequest.java:58)
at org.docspell.docspellshare.http.UploadManager$UploadWorker.run(UploadManager.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:919)
from android-client.
Thanks for the stack trace!! That looks strange. Only thing that came to mind is that I'm reading http2
in the stack trace. Maybe the app is trying with http2 and the reverse proxy has problems with that? That would explain when curl is using http1.1…? Just a guess…. It could be that okhttp changed some settings in a newer version.
I'm also using the newest version of the app with an nginx reverse proxy without problems…. I'm not aware that I use anything special in the app. It's just okhttp post request. But I just checked my nginx config and it is configured to support http2.
from android-client.
I tried this fix:
square/okhttp#3955 (comment)
And the error is gone. Though i get another strange bug:
The Reported HTTP Status Code is 403
:
Though, i don't even see anything in my nginx access logs from this upload request.
Seems like the Request is being intercepted somewhere...
INFO: AndroidStudio is complaining about not closing the response body in
You should return the Response Object instead, read the code from Response Object in
from android-client.
Well, I found the reason for the 403:
Somehow My OPNSense WAF intercepts the Request. Strange behaviour is, that the IP get's banned immitiately after sending the request, tough i did not enable the WAF for this specific Server.
from android-client.
Ah nice! So we are one step further :) Thanks for pointing at the bug with not closing the response - not well done!
Was almost hitting ENTER on some thoughts to the 403, which are now obsolete - nice find!
from android-client.
And i found the Problem for Block
The Android Client is not sending a correct User-Agent. The default from okhttp3 is not sufficient and will be blocked by OPNSense/PFSense per default.
I've created a UserAgentInterceptor and will create a PR for you to merge.
This Change does also Fix my HTTP/2 Error. Obviously HTTP/2 could not be established since the IP has been banned
from android-client.
Thanks! I'm using OPNSense myself, but not their WAF (have never seen it, is this a plugin?). Do you know what user-agent values are blocked by default? Would it then be ok to set something like "Docspell-Android/$version"?
Regarding the NO_STREAM error: was this due to http2 vs http1? I thought the 403 from the waf was coming once okhttp was set to not use http2?
from android-client.
The NO_STREAM Error was due to the banning.
Last Year I switched from HAProxy to Nginx for its NAXSI availability.
Therefore, the IP got banned at the second, the Request entered the WAF.
Therefore, the Server did not established a HTTP/2 session and OKHTTP3 threw this error.
Switching to HTTP/1.1 "fixed" the error because the Handshake is different and the client received the 403 - Banned Message. -> Upload still not working
Those Agents are on the blocklist (blocking all default agents to prevent possible Bots/Script-Kiddies.
Python-urllib|Nmap|python-requests|libwww-perl|MJ12bot|Jorgee|fasthttp|libwww|Telesphoreo|A6-Indexer|ltx71|okhttp|ZmEu|sqlmap|LMAO/2.0|ltx71|zgrab|Ronin/2.0|Hakai/2.0
With the #57 User Agent Fix, the HTTP/1.1 Downgrade is not neccessary anymore.
I also added the Request.close()
call i mentioned above.
from android-client.
Great!! Thank you a lot for the explanation! Saw the PR already - thanks for this as well. I had only one minor nitpicking comment, but it's not a problem at all to merge it as is!
from android-client.
Related Issues (12)
- Cache uploads when no network is available and upload once connected HOT 2
- Publish to fdroid HOT 2
- When no default selected, let user choose where to upload
- Filename not recognized HOT 9
- sharing multiple documents does not work HOT 3
- Dependency Dashboard
- Problem with uploading on MIUI HOT 2
- Feature request: Allow user/custom certificate CA HOT 6
- Upload not working HOT 3
- Cleartext http traffic not allowed in version 0.5.0 HOT 3
- Move to github actions HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from android-client.