Upgrade to Beta8 deletes all icons


(Jay Pfaffman) #40

The solution to too many posts on a row is to edit the other posts, but perhaps you ran up against link limits.


(Chris Croome) #41

Thanks @pfaffman, I didn’t want to mix up posts relating to different servers, so I keep the post about the un-upgraded live server seperate from the post about the upgraded development server as I thought it might get too confusing if I put everything into one post. I did try deleting previous posts but that only partially helped so I have now un-deleted all of them. The issue was one of too many posts in a row, I didn’t get any link limit warnings.


(RBoy) #42

I have a similar issue after upgrading from BETA6 to v2.2.0.beta8 +11, the favicon’s are not loading or loading and then being replaced with an empty page icon. It’s weird because if I have 3 windows open, one of them will have the favicon and the other two won’t. If I refresh the favicon loads for a split second and then is replaced by a empty page box icon.

It was working fine with BETA6.

Things I’ve tried

  1. Restart browser
  2. Incognito mode
  3. Remove all icons and replace them
  4. Use PNG for favicon
  5. Use ICO for favicon
  6. Reset to nothing (now it shows the discourse icon without an issue)
  7. Replace the favicon (same thing, one window shows the favicon the other shows a blank page box)
  8. Checked the security certificates (lets encrypt is enabled)
  9. Used the wizard and admin pages

Am a little lost here on what next to try. It’s just the favicon, the rest seems to be okay


(Alan Tan) #43

There is a cache on the favicon, you will need to wait around 30minutes before it is properly updated.


(Jeff Atwood) #44

The correct reaction to that should be

  • editing your earlier posts
  • waiting for someone to reply to you

not

  • creating a new account

(RBoy) #45

Waited for about 40 minutes, no change. What’s weird was when I testing it earlier, when I removed the Favicon, it defaulted back to the discourse favicon immediately and that when the page loads it shows the favicon for a split second and then it changes to an empty box.

image

Where next should I look/see/do?

EDIT: For what it’s worth I’m seeing another thing now with BETA8, in chrome now it’s giving a warning about loading unsafe scripts. Never has this issue before. I was reading somewhere on the release notes about something to do with cross site scripting. Wondering if that causing the isssues:

image


(Jeff Atwood) #46

For new sites, CSP is on by default. Is this a new install?


(RBoy) #47

Nope been there for almost 2 years, just recently updated from BETA6 to BETA8 and now these things have cropped up after the update.


(Jeff Atwood) #48

You can check your site settings, CSP should be off by default then for an existing site that updated. It will be on by default when 2.3 is released though in summer 2019.


(Alan Tan) #49

Can you check if there is a favicon configured in your site settings? If possible, please provide me with the URL.


(RBoy) #50

You can see, just refreshed all the pages, once it shows the favicon, the next time it doesn’t.


(RBoy) #51

When I posted a minute ago it looked like:

Now just by itself, notice the admin page favicon disappeared:
image


(Chris Croome) #52

Sorry for being incorrect, I won’t do it again.

Does anyone have any insight regarding why the test.sands.community site has no mobile icon after the upgrade even though all the icons appear in the admin interface? I’m happy to provide whatever information I can to debug this.


(Alan Tan) #53

You need to set force_https to true in your site settings.


(RBoy) #54

That seemed to fix all our issues here also :slight_smile:

So, why this change now? It’s been working fine without this option being enabled (it was disabled just to provide an alternative option to use http incase something happens with letsencrypt/certificate). What changed in this last BETA upgrade which stops the icons from loading and providing the unsafe scripts warning?


(Chris Croome) #55

I have just realised what the issue is here, these sites have this plugin installed:

Previously the logos were set to paths that were public, for example:

So, I guess the question is, “can I use the rails console to set the URL’s of the logos?” or “can I add some Nginx rules to make some specific images public?”

[EDIT] I’m not having much luck setting variable in the console:

[14] pry(main)> SiteSetting.logo_url = "https://test.sands.community/public-images/sands-logo-text.png"
=> "https://test.sands.community/public-images/sands-logo-text.png"
[15] pry(main)> SiteSetting.logo_small_url = "https://test.sands.community/public-images/sands-logo.png"
=> "https://test.sands.community/public-images/sands-logo.png"
[16] pry(main)> SiteSetting.where(name: "logo_url").first
=> #<SiteSetting:0x00005585daca0cc8
 id: 194,
 name: "logo_url",
 data_type: 1,
 value: "https://test.sands.community/public-images/sands-logo-text.png",
 created_at: Thu, 17 Jan 2019 18:50:12 UTC +00:00,
 updated_at: Thu, 17 Jan 2019 18:54:20 UTC +00:00>
[17] pry(main)> SiteSetting.where(name: "logo_small_url").first
=> #<SiteSetting:0x00005585daeb6be8
 id: 195,
 name: "logo_small_url",
 data_type: 1,
 value: "https://test.sands.community/public-images/sands-logo.png",
 created_at: Thu, 17 Jan 2019 18:54:56 UTC +00:00,
 updated_at: Thu, 17 Jan 2019 18:54:56 UTC +00:00>

I can set values but it doesn’t result in these URLs being used for logos as far as I can see, does anyone have any suggestions?


Disallow anonymous users from viewing image & file URLs
(Alan Tan) #56

It was due to Basic site logos should hit the CDN. Previously, SiteSetting icons that are frequently used were not served via the CDN, if configured. The change made it such that we would generate a full URL for the icon and the generation process looks at SiteSetting.force_https to determine the scheme of the URL.


(RBoy) #57

So then I guess the force_https option should be removed, it’s redundant as it can be disabled without breaking the images and also having the browser the unsafe scripts. Having it there (as much as I would like that option to not use https) it just going to create confusion.


#58

I still have this issue in the latest version.

If it’s the default, why does the Discourse logo appear instead of an icon?


(Stephen) #59

Absolutely not, without it all sites running Discourse that have any historic hard-coded insecure URLs don’t get rewritten, and users see a mixed content error. That’s many orders of magnitude worse than a site which has a missing logo due to a broken third-party plugin.

If this is a confirmed problem with discourse-images-guardian is it even a bug? Core is working fine, a third party plugin is responsible.