Internal URL no longer oneboxing


(Joshua Rosenfeld) #1

At some point in the last 2 days internal URLs stopped oneboxing on my instance. I’m up to date with tests-passed as of 1:15 AM EST 6/9/17.

There are the errors I’m seeing in the console when a post with an internal URL is loaded. There do not appear to be any related errors in /logs.


Videos used to play, now only links available
Internal oneboxing problem revisited
(Vinoth Kannan) #2

I am unable to reproduce the problem. Are you using any onebox plugin?


(Joshua Rosenfeld) #3

Nope. No non-official plugins.


(Jeff Atwood) #4

Can you repro this on meta or try?


(Joshua Rosenfeld) #5

Nope. Hence #support and not #bug. Hoping there might be suggestions on why, and how to troubleshoot.

Edited OP to be clearer.


(Vinoth Kannan) #6

I can reproduce the same problem even for external URL below. It returns same ‘404 not found’ error.

As it mentioned in another topic


(Jeff Atwood) #7

Sorry I am not following, what does that external URL have to do with this report of internal (discourse) URL oneboxing issues?


(Joshua Rosenfeld) #8

While I was about to say the same thing - I think the point is I’m getting a very similar console error here on Meta with that link.

Is there any chance there’s some sort of regression going on here?


(Jeff Atwood) #9

Possible, @eviltrout will need to look tomorrow


(Vinoth Kannan) #10

I am trying to say it looks like the problem is randomly happening in some URLs. In both topics it returning the same error. So it might be same issue.


(Tobias Eigen) #11

I seem to recall that private topics don’t work for oneboxing - is that the issue you are experiencing with internal links?

That said, I can confirm I am getting identical 404 errors in the console for both internal links (linking to private topics in a private category) and namati.org links.


(Joshua Rosenfeld) #12

While my site is login required (and SSO), internal oneboxes definitely worked before. And the error above comes from a link to a “public” category.


(Robin Ward) #13

It’s normal for onebox to return the 404 error you’re seeing in the console above if it can’t retrieve the onebox, so I don’t think the error for internal oneboxes is the same as the external one.

I need better steps to reproduce this internal issue. (The external one linked before is good for me to investigate)


(Joshua Rosenfeld) #14

I don’t really have any more details at the moment. I’ll see what the results of your investigation with the external link are, then see if I need to get you more detail.


(Robin Ward) #15

I already replied in there - it’s due to the User Agent being blacklisted somehow. I don’t think it’s related.


(Joshua Rosenfeld) #16

Oh darn…

Well, here’s what I’ve got: it stopped working sometime in the last few days - it definitely worked previously as there are internal link oneboxes all over the forums. Nothing should have changed network wise on our end, but I’m reaching out to IT to check. External oneboxes (at least to other Discourse sites) still works.

I’m open to ideas/questions…


(Robin Ward) #17

When you say internal link, are you referring to links by IP address or internal hostnames? Because a recent security features is meant to disable SSRF attacks by ensuring redirects are to external services.

It’s possible we don’t see it here because external links resolve to a different IP than internal ones. If your network infrastructure is resolving the outer hostname to an internal IP internally that could cause it to stop working.


(Joshua Rosenfeld) #18

Internal hostnames. Pasting a link in the form of https://forums.mydomain.com/t/name-here/id-here.


(Robin Ward) #19

Just to be clear, forums.mydomain.com are visible from the outside world? Or just internally?


(Joshua Rosenfeld) #20

Well, they redirect to another subdomain for auth, but yes, they’re visible.

IT just said “yes”, and “one sec”.