Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Link from Rate Your Music



  • R_JR_J Ex-Fanboy Munich Admin

    Does it mean that you now have access to your web server error logs? Each 500 error should be tracked and it would be good to know the exact error.

    Your screenshot only shows the JavaScript error and I would guess that each JS error is only the result of the initial request failing.

  • That's right. I'll see if I can get it. Is this info "safe" to post on here?

  • R_JR_J Ex-Fanboy Munich Admin

    Normally it should. If you are unsure and trust me, you can write me a PM

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    I honestly don't know what that content.js is. We don't have file named that in Vanilla.

  • R_JR_J Ex-Fanboy Munich Admin

    I try to dig deeper into this issue. But it only fails for Rate Your Music links and as far as I have understood only when the discussion/comment is posted and the post is rendered and attached to the current discussion via AJAX.

    It surely is some JavaScript craziness which comes up only in some special combination in asleuvs installation (I couldn't reproduce that error in my installation). But before you didn't know the cause you cannot assume that this error will not come up by anyone else. So I think its worth looking at it. But its JavaScript and the person looking at it is me - no perfect fit 😁

    In the end I assume we have to ask for your expertise but I hope I can find out some more details before consuming your time.

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    I think step 1 is to figure out what content.js is? Do you know where it comes from? Do you have anything in front of your server modifying the javascript?

    I also see some backend.js file. What are these files?

  • I have absolutely no idea what that is, @charrondev . I just assumed everything was Vanilla related.

  • R_JR_J Ex-Fanboy Munich Admin

    First insight: I have the first hint on the problem but not the resolution.

    Those js files do not come up when I start a new discussion. The part where the error is thrown is here :

    And it is not a js error, but the POST to /api/v2/media/scrape fails.

    The POST header and body looks like that:

    Host: p...
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
    Accept: application/json, text/plain, */*
    Accept-Language: de,en-US;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate, br
    Referer: http://p.../api/v2/media/scrape
    X-Requested-With: vanilla
    Content-Type: multipart/form-data; boundary=---------------------------300452361316162
    Content-Length: 199
    Connection: keep-alive
    Cookie: Vanilla-tk=...; Vanilla=...; Vanilla-Vv=...
    Pragma: no-cache
    Cache-Control: no-cache
    Content-Disposition: form-data; name="url"

    That is exactly how that post should look like. It looks the same in my test forum and over here. I've set up a no-https test forum in order to see if this has something to do with https or no https but that doesn't matter.

  • R_JR_J Ex-Fanboy Munich Admin

    Sadfully I'm completely lost and cannot find out where that request is made, @charrondev

    But could be that your server is blacklisted or anything like that?

    I think it would make sense to do a simple curl from commandline or write a small snippet of php that tries to fetch the url above and see the result. That will be my next step

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    It's definitely possible that your server got blacklisted (if your server is on 1 IP and made 100/1000s of requests in a very short timespan).

    I was referring to the infinite recursion error though. That error was in a file that is not part of a standard vanilla installation.

  • I sent an email to the RYM webmaster to check if there is a blacklist and if I'm our site is on it, but since I just switched host (and have tried linking to RYM directly from the ip address, not the domain name) I think that's unlikely.

Sign In or Register to comment.