Problem with avatars and attachments in IE after installing 2.0.6

Started by WimB, October 27, 2013, 03:25:04 PM

watchhorse

I have the same problem. ???
Also after update.
We are looking for animal-related forums to take over.
Feel free to PM if you no longer have the time or inclination to maintain your forum.

Arantor

And yet as shown the patch doesn't TOUCH the avatars or attachments code...

You could try commenting out the three headers in index.php that were added but they didn't break it for me when I tested it...

lurkalot

Quote from: Arantor on October 28, 2013, 10:34:53 AM
And yet as shown the patch doesn't TOUCH the avatars or attachments code...

You could try commenting out the three headers in index.php that were added but they didn't break it for me when I tested it...

Arantor, did just that and I can now confirm the Avatars are working again. ;)

Arantor

And commenting out the last two didn't fix it before?

The Frame-Options header should NOT be doing that. Proof, if any were needed, that IE still lags behind in supporting something that's been around for years.


Still, if you'd rather have less security, that's entirely up to you.

lurkalot

Quote from: Arantor on October 28, 2013, 11:28:50 AM

And commenting out the last two didn't fix it before?


I didn't try the last two before, just this line that you told us to try header('X-XSS-Protection: 1; mode=block');

Which didn't make any difference for me.  Then I tried all three headers as you just suggested and the avatars work again.


header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');

Arantor

Um, if you read the thread, I suggested removing the last two at separate points in the thread.

So it's down to the Frame-Options header, which is fantastic because that's the most useful of the headers to add. Interestingly, Facebook and Twitter use the same header - so it's down to IE as to why it doesn't work.

lurkalot

Quote from: Arantor on October 28, 2013, 11:43:54 AM
Um, if you read the thread, I suggested removing the last two at separate points in the thread.

So it's down to the Frame-Options header, which is fantastic because that's the most useful of the headers to add. Interestingly, Facebook and Twitter use the same header - so it's down to IE as to why it doesn't work.

Sorry, I should have read back the whole thread.  :-[

But after a bit of testing, it's actually this line alone that's stopping the avatars showing header('X-Content-Type-Options: nosniff');  Not the Frame options one.

Arantor

That's even more hilarious... that's a feature IE themselves invented first!

Makes me wonder why it's broken anything else.

mashby

Hmm...looking at the differences between here and the OP's site.
OP's avatar:
http://www.vrvforum.be/forum/index.php?action=dlattach;attach=27229;type=avatar
in IMG tag:

Arantor's avatar:
http://avatars.simplemachinesweb.com/smf/avatar_318771_1380747238.jpg
in IMG tag:


I'm guessing here is different in terms of avatar paths. Here looks more "normal" in terms of an img src, but the other way seems to work OK too, just not always in IE.

In IE10, the img referenced from the IMG tag indeed doesn't show up. :)
Always be a little kinder than necessary.
- James M. Barrie

Arantor

That's because here has avatars set to an avatar directory because it makes things *crazy* faster. That wouldn't fix attachments though.

margarett

Quote from: monster mashby on October 28, 2013, 12:42:16 PM
In IE10, the img referenced from the IMG tag indeed doesn't show up. :)
In IE8 it also doesn't show up. IE8 is damn old, but it's strange that the issue crosses such different versions...
If you're going to drive, don't drink. If you're going to drink... CALL ME!!!! :D

Quote: Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Arantor

Especially for a header introduced in IE8 for 'better security'.

Though I get the feeling it should really be issuing proper MIME type headers and nosniff confuses it.
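
An added example, not part of the original post and not SMF's code, of what "issuing proper MIME type headers" next to nosniff can look like: the declared type is taken from the file's leading bytes, so the browser has no need to sniff. The helper names detect_image_mime and attachment_headers are hypothetical and the sample bytes are constructed.

```php
<?php
// Added illustration, not SMF code: pick the Content-Type from the file's
// leading bytes so nosniff has a correct declared type to enforce.

// Hypothetical helper: map magic bytes to an image MIME type, or null.
function detect_image_mime(string $bytes): ?string
{
    $signatures = [
        'image/jpeg' => "\xFF\xD8\xFF",
        'image/png'  => "\x89PNG\r\n\x1A\n",
        'image/gif'  => 'GIF8',
    ];
    foreach ($signatures as $mime => $magic) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            return $mime;
        }
    }
    return null;
}

// Hypothetical helper: headers to send for an avatar/attachment response.
function attachment_headers(string $bytes): array
{
    $mime = detect_image_mime($bytes);
    $headers = ['X-Content-Type-Options: nosniff'];
    if ($mime !== null) {
        // Known image: declare it, allow inline display in an <img> tag.
        $headers[] = 'Content-Type: ' . $mime;
        $headers[] = 'Content-Disposition: inline';
    } else {
        // Anything else is never rendered inline; force a download.
        $headers[] = 'Content-Type: application/octet-stream';
        $headers[] = 'Content-Disposition: attachment';
    }
    return $headers;
}

// Constructed sample inputs (first bytes only), not real uploads.
$samples = [
    'png avatar'    => "\x89PNG\r\n\x1A\n" . str_repeat("\0", 8),
    'jpeg avatar'   => "\xFF\xD8\xFF\xE0" . str_repeat("\0", 8),
    'html as image' => '<html><script>/* constructed */</script>',
];
foreach ($samples as $label => $bytes) {
    echo $label, "\n  ", implode("\n  ", attachment_headers($bytes)), "\n";
}
```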

WimB

Thanks to all (and especially to Arantor)  :)

It works again, after commenting out all three, only commenting out header('X-Content-Type-Options: nosniff'); didn't work over here. Will have to do with less security, I guess....IE (sigh)  >:(

margarett

Well, I guess you can minimize the damage by putting out those lines only if the browser is IE, by looking at $_SERVER['HTTP_USER_AGENT']?

GrogHead

Quote from: Arantor on October 28, 2013, 12:26:40 PM
That's even more hilarious... that's a feature IE themselves invented first!

Makes me wonder why it's broken anything else.

This may need to go in a new thread, but it looks like you may be asking if IE broke anything else.

We just upgraded to 2.0.6 today. This morning I had a user access our forum with no problem using IE 10. This afternoon (after upgrading to 2.0.6) he tells me he cannot access our forums. He installed Chrome and has no problems.

He tried to access on two different machines, both running IE. He has tried deleting cookies and internet files then rebooting with no change. He gets the following error when he tries to hit us:

Quote:
An Error Has Occurred!
Session verification failed. Please try logging out and back in again, and then try again.

Any suggestions would be appreciated.

Arantor

Well, I'm not so much asking whether it did, all evidence is that it did. I'm asking *why*, because the changes that were made were made to Microsoft's *own* specification; Microsoft added that header in IE and adoption is growing.

But yours is the first example of it actually failing something else. You can try commenting out the headers as suggested and see if that makes a difference.

GrogHead

Quote from: Arantor on October 28, 2013, 07:36:47 PM
Well, I'm not so much asking whether it did, all evidence is that it did. I'm asking *why*, because the changes that were made were made to Microsoft's *own* specification; Microsoft added that header in IE and adoption is growing.

But yours is the first example of it actually failing something else. You can try commenting out the headers as suggested and see if that makes a difference.

Thanks. I think we're just going to encourage folks to use a different browser.

In any case, if you need anything from me were you to decide to try and debug MS's problem, feel free to contact me  8)

lurkalot

@ Arantor.  Just curious, if these headers are causing certain Avatars not to display, then why do they display fine after a member re-uploads their avatar?  Like I said earlier, it wasn't all the uploaded avatars, just a few random ones.  That included my own one, I re-uploaded the same one and it shows fine, and a handful of members did the same and they were ok too.  Any ideas?
