User cannot use custom avatar with Amazon S3

Bug
1

We upgraded the discourse to 1.3.0.beta1
After that, users cannot change their avatars. Moreover, if user has already used his own avatar and try to change the custom avatar, his avatar changes to default Gavatar.
We use Amazon S3 to hold the uploaded files.

Anyone experienced this problem?

3 curtidas
2

It seems that the “save” button did not call any js script.

3

Do you have any failures in /logs?

Also note that using S3 for uploaded files is deprecated and slated to be removed sometime in the future.

2 curtidas
4

It’s slated to be removed in 1.3 actually, not “sometime in the future”

1 curtida
5

There is no errors in /logs, which is bizarre.

6

which means both uploaded files and backup files should be stored on the server that runs discourse?

7

I found the error in /logs. It should be:

info
Uncaught SecurityError: Failed to execute ‘toDataURL’ on ‘HTMLCanvasElement’: Tainted canvases may not be exported.
Url: https://discourse.noflynodrivezone.org/assets/application-6ca7abb9990beb8627b7b95957c8c7c4.js
Line: 11
Column: 69
Window Location: https://discourse.noflynodrivezone.org/users/franklyn/preferences

backtrace
Error: Failed to execute ‘toDataURL’ on ‘HTMLCanvasElement’: Tainted canvases may not be exported.
at Error (native)
at HTMLImageElement.n.onload (https://discourse.noflynodrivezone.org/assets/application-6ca7abb9990beb8627b7b95957c8c7c4.js:11:30353)

env
HTTP_HOST: discourse.noflynodrivezone.org
REQUEST_URI: /logs/report_js_error
REQUEST_METHOD: POST
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
HTTP_ACCEPT: /
HTTP_REFERER: https://discourse.noflynodrivezone.org/users/franklyn/preferences
HTTP_X_FORWARDED_FOR: 100.34.14.173
HTTP_X_REAL_IP: 100.34.14.173

params:
message: Uncaught SecurityError: Failed to execute ‘toDataURL’ on ‘HTMLCanvasElement’: Tainted canvases may no
url: https://discourse.noflynodrivezone.org/assets/application-6ca7abb9990beb8627b7b95957c8c7c4.js
line: 11
column: 69
window_location: https://discourse.noflynodrivezone.org/users/franklyn/preferences
stacktrace: Error: Failed to execute ‘toDataURL’ on ‘HTMLCanvasElement’: Tainted canvases may not be exported.

8

Your Chrome version is out of date, you’re on 39 and stable is 40. Try rebooting.

I think you have a canvas tainting bug in your version of Chrome, which is making client-side resizing of the image impossible.

1 curtida
9

upgraded to Chrome 40 but got the same error :cry:

10

Use FireFox gives a slightly different error:

HTTP_HOST: discourse.noflynodrivezone.org
REQUEST_URI: /logs/report_js_error
REQUEST_METHOD: POST
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
HTTP_ACCEPT: /
HTTP_REFERER: https://discourse.noflynodrivezone.org/users/franklyn/preferences
HTTP_X_FORWARDED_FOR: 100.34.14.173
HTTP_X_REAL_IP: 100.34.14.173

params:
message: SecurityError: The operation is insecure.
Url: https://discourse.noflynodrivezone.org/assets/applicat
url: https://discourse.noflynodrivezone.org/assets/application-6ca7abb9990beb8627b7b95957c8c7c4.js
line: 11
column: 0
window_location: https://discourse.noflynodrivezone.org/users/franklyn/preferences
stacktrace: Discourse.Utilities.cropAvatar/</n.onload@https://discourse.noflynodrivezone.org/assets/application-6

11

Where is the avatar you’re uploading coming from? If you’re dropping in an image from another browser window, that’s your problem. Save it to your filesystem first.

Note: It works on My Machineℱ

12

It is not from other browser window.
It is from my local filesystem.
I also disabled the S3 for storage and this does not work either.

13

Getting the same error from multiple users on our instance. Doesn’t seem to matter what format the image is.

1 curtida
14

I working together with @franklyn

we tried to disable this option, ‘automatically download gravatars’. but it seems that when users try to upload their own avater, they always get Gravator (the 2nd optioin in the window, ‘change your profile picture’.

15

Here’s another error log. Still quite a big problem for us.

Info

Uncaught SecurityError: Failed to execute 'toDataURL' on 'HTMLCanvasElement': Tainted canvases may not be exported.
Url: http://forum.minecraftpvp.com/assets/application-92226ececbc49206d08980e7920bc4e2.js
Line: 11
Column: 69
Window Location: http://forum.minecraftpvp.com/users/dj_burgerz/preferences

Backtrace

Error: Failed to execute 'toDataURL' on 'HTMLCanvasElement': Tainted canvases may not be exported.
    at Error (native)
    at HTMLImageElement.n.onload (http://forum.minecraftpvp.com/assets/application-92226ececbc49206d08980e7920bc4e2.js:11:30353)
16

Have the same issues and errors in my discourse instance. Just updated to 1.3.0beta1.

3 curtidas
17

follow the discuss at
https://meta.discourse.org/t/avatar-upload-not-working/20075/26
to upgrade to v1.3.0.beta1 +102, still have the problem but no error logs at all.

1 curtida
18

the model didn’t saved here.

19

Sorry, but do not understand what you mean, you find how to fix it? or should I do something to fix it?

20

Now getting this error after clearing some storage and upgrading the docker manager (doubt either are related).

SecurityError: The operation is insecure.
Url: http://forum.minecraftpvp.com/assets/application-92226ececbc49206d08980e7920bc4e2.js
Line: 11
Column: 0
Window Location: http://forum.minecraftpvp.com/users/kazwolfe/preferences

Backtrace

Discourse.Utilities.cropAvatar/</n.onload@http://forum.minecraftpvp.com/assets/application-92226ececbc49206d08980e7920bc4e2.js:11:30350

Started after updating to 1.3.0 beta 1.