[Bug]: Nextcloud Files app refuses uploading of an optimized gif directly out of gifsicle

[Moini]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Nextcloud Files app refuses uploading of an optimized gif directly out of gifsicle.

When I upload it via the Nextcloud desktop app (by putting it into the corresponding folder on my harddrive), it is uploaded, and can be selected in the Files app. However, when I click on the share button, the side menu never stops loading. When try to rename the file, I get the same error message as above. The log in the admin section does not show any errors from recent activity.

Steps to reproduce

1. Try to upload
   

2. That's all.

Expected behavior

I can upload and share the file. If the preview fails, well, so be it. But in any case, I should be able to share the gif.

Installation method

Community Manual installation with Archive

Nextcloud Server version

27

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 22.1 to 22.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "27.0.2.1",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "htaccess.RewriteBase": "\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "default_phone_region": "DE",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtpsecure": "tls",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "theme": "",
        "loglevel": 0,
        "has_rebuilt_cache": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "updater.release.channel": "stable",
        "app_install_overwrite": [
            "cookbook",
            "checksum",
            "documentserver_community",
            "apporder"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 2.19.0
  - appointments: 1.15.2
  - audioplayer: 3.4.0
  - bookmarks: 13.0.1
  - bruteforcesettings: 2.7.0
  - calendar: 4.4.4
  - checksum: 1.2.2
  - cloud_federation_api: 1.10.0
  - comments: 1.17.0
  - contacts: 5.3.2
  - contactsinteraction: 1.8.0
  - cookbook: 0.10.2
  - data_request: 1.14.0
  - dav: 1.27.0
  - deck: 1.10.0
  - documentserver_community: 0.1.13
  - end_to_end_encryption: 1.13.1
  - event_update_notification: 2.2.0
  - federatedfilesharing: 1.17.0
  - files: 1.22.0
  - files_downloadlimit: 1.1.0
  - files_pdfviewer: 2.8.0
  - files_photospheres: 1.27.0
  - files_rightclick: 1.6.0
  - files_sharing: 1.19.0
  - files_trashbin: 1.17.0
  - files_versions: 1.20.0
  - forms: 3.3.1
  - gpxpod: 5.0.12
  - groupquota: 0.1.11
  - guests: 2.5.0
  - logreader: 2.12.0
  - lookup_server_connector: 1.15.0
  - metadata: 0.19.0
  - music: 1.8.4
  - news: 22.0.0
  - nextcloud_announcements: 1.16.0
  - notes: 4.8.1
  - notifications: 2.15.0
  - oauth2: 1.15.1
  - onlyoffice: 8.2.0
  - password_policy: 1.17.0
  - phonetrack: 0.7.6
  - photos: 2.3.0
  - polls: 5.2.0
  - privacy: 1.11.0
  - provisioning_api: 1.17.0
  - quota_warning: 1.17.0
  - related_resources: 1.2.0
  - serverinfo: 1.17.0
  - settings: 1.9.0
  - sharebymail: 1.17.0
  - side_menu: 3.10.3
  - spreed: 17.0.3
  - tables: 0.5.1
  - tasks: 0.15.0
  - text: 3.8.0
  - theming: 2.2.0
  - theming_customcss: 1.14.0
  - twofactor_backupcodes: 1.16.0
  - updatenotification: 1.17.0
  - viewer: 2.1.0
  - workflowengine: 2.9.0
Disabled:
  - admin_audit: 1.17.0
  - apporder: 0.15.0 (installed 0.15.0)
  - carnet: 0.25.2 (installed 0.25.2)
  - circles: 27.0.1 (installed 24.0.0)
  - dashboard: 7.7.0 (installed 7.4.0)
  - encryption: 2.15.0
  - extract: 1.3.6 (installed 1.3.6)
  - federation: 1.17.0 (installed 1.6.0)
  - files_downloadactivity: 1.16.0 (installed 1.16.0)
  - files_external: 1.19.0
  - files_markdown: 2.4.1 (installed 2.4.1)
  - firstrunwizard: 2.16.0 (installed 2.5.0)
  - gpxedit: 0.0.14 (installed 0.0.14)
  - gpxmotion: 0.1.0 (installed 0.1.0)
  - integration_whiteboard: 0.0.14 (installed 0.0.14)
  - recommendations: 1.6.0 (installed 0.4.0)
  - support: 1.10.0 (installed 1.0.0)
  - survey_client: 1.15.0 (installed 1.4.0)
  - suspicious_login: 5.0.0
  - systemtags: 1.17.0 (installed 1.6.0)
  - twofactor_totp: 9.0.0
  - user_ldap: 1.17.0
  - user_status: 1.7.0 (installed 1.5.0)
  - weather_status: 1.7.0 (installed 1.0.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

I really would like to, if the log did not contain user names, IP addresses, detailed Browser configurations and other sensitive data. As long as the logging app does not clean out sensitive stuff, I cannot provide any logs. 

I have checked manually that there is no related error message from within the last 30 minutes. When I disable DEBUG and INFO level messages, there are no messages at all from today.

Additional info

Gifsicle (if you don't know it) is a command line program for editing Gif images.

I'm suspecting that maybe Imagemagick isn't able to deal with those properly, as the Element matrix instance also refused to upload the file into a Matrix chat. GitHub, however, works - probably they are not trying to generate preview images.

In any case, if preview generation fails, it should:

• create a warning log entry
• just not generate a preview
• but let me use the file like any other

[solracsf]

Uploads correctly on my v25.0.10 instance.
Animated preview also works.
File can also be renamed.

[Moini]

Thanks for testing, @solracsf ! Might depend not only on Nextcloud version, but also on the version of whatever is used to create the preview images (suspecting imagemagick).

[joshtrichards]

Don't we process GIFs via GD not ImageMagick? (I always get confused what handles what on the preview side).

@Moini - In your browser console log under Network, which transaction seems to trigger the non-response/500 error (or whatever)? Also:

• If you get a chance, can you see if the same behavior occurs when you download and use the version of the image you uploaded via GitHub into this issue? (so we know whether it's a valid test on our end since I don't know if it's modified by GitHub)
• I see you have the add-on end_to_end_encryption installed, but you said you're not using it. Is that accurate?
• Does your Apache error log by chance show any indication of a crash during these events (I'm assuming you're using mod_php mode)?

[Moini]

@joshtrichards

Aaaah - the network log was a very good idea! Thank you.

UBlock origin seems to think that the PUT request is insecure and blocks it.

Error message is:
error | "Strict Cookie has not been found in request"

Cookie types sent:

• "__Host-nc_sameSiteCookielax"
• "__Host-nc_sameSiteCookiestrict"
• "nc_session_id"
• "nc_token"
• "nc_username"
• "oc_sessionPassphrase"
• "oc****uigo" (obscured, in case the weird letters mean something)

Are you able to tell whether this is a UBlockOrigin bug or a Nextcloud bug? The other requests that work seem to send an identical set of cookies.

[Moini]

The error message seems to be specific to Nextcloud, though, not to UBlock origin... mmh. A web search turned up multiple hits for various Nextcloud bugs from this summer, but nothing about UBlock origin.

[joshtrichards]

"__Host-nc_sameSiteCookiestrict"

As far as I can tell from the code, that is the strict cookie.

Can you try in a different browser (or at least with all your extensions like privacy/cookie prevention ones disabled)?

For the record, I'm using uBlock Origin (and Privacy Badger for that matter). And neither cares at all about my NC instances. But there are things that various third-party apps you install in NC might do that could muck with things or set off alarm bells with some uBlock Origin I suppose...

Isn't your Network window saying uBlock Origin is blocking the XHR request? 🤔 What happens if you disable uBlock Origin for your Nextcloud URL?

And, yes, that is the NC error message that gets spit out whenever the check doesn't pass.

[Moini]

Thanks again, @joshtrichards , I found it now... 😳

I would say this is a UBlock origin bug. If I upload something, that should not be blocked...

Also, gotta fix that filter rule... It's far too generic.