User cards for anonymous visitors immediately dissappear with "500 Internal Server Error" in `card.json?include_post_count_for`

Hi there, I’m not sure for how long this has been happening, and I can only reproduce it on my self-hosted Discourse instance, which I just updated to the latest version as of now.

When an anonymous visitors clicks on any user avatar, the outline of the user card pops up for a few milliseconds and then immediately disappears. The F12 error console shows:


Status  500 Internal Server Error
Version  HTTP/2
Transferred  294 B (46 B size)
Referrer Policy  strict-origin-when-cross-origin
Request Priority  Highest

This also happens in safe mode.

I don’t have the hide user profiles from public setting enabled, but I did test enabling it a few days ago, not sure if that has anything to do with it.

These seems like it may be connected to your efforts to include the post counts on the usercard. Did you create a plugin for this in the end?

No I never got that to work. At any rate that would have been disabled in safe mode.

The ?include_post_count_for=xxxxx number is the number of the topic ID, not the user.

I assumed the function that is failing was for the “X posts in this topic” button that appears in a user card.

Safe mode only disables front-end code and will leave some server-side things in place, so it may still be a plugin even if it occurs in safe mode. There’s a recent post with more info in here Safe-mode failed with a plugin - #4 by david

I can’t replicate this issue on my test site. Do you have any plugins/extra settings/anything unusual that could be having an impact? Is there any more information in the /logs about the error?

Hmm, thanks for that, looks like you right, it was due to this plugin:

Pinging @pfaffman

Message (184 copies reported)

NoMethodError (undefined method `in_any_groups?' for nil:NilClass)
lib/plugin/instance.rb:301:in `public_send'
lib/plugin/instance.rb:301:in `block (2 levels) in add_to_class'
app/serializers/user_card_serializer.rb:144:in `can_send_private_message_to_user'
(eval):18:in `_fast_attributes'
app/controllers/application_controller.rb:545:in `render_json_dump'
app/controllers/users_controller.rb:147:in `block (2 levels) in show'
app/controllers/users_controller.rb:140:in `show'
app/controllers/users_controller.rb:152:in `show_card'
app/controllers/application_controller.rb:414:in `block in with_resolved_locale'
app/controllers/application_controller.rb:414:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:74:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:367:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
lib/middleware/request_tracker.rb:228:in `call'


plugins/discourse-allow-pm-to-staff/plugin.rb:52:in `block (2 levels) in activate!'
lib/plugin/instance.rb:301:in `public_send'
lib/plugin/instance.rb:301:in `block (2 levels) in add_to_class'
app/serializers/user_card_serializer.rb:144:in `can_send_private_message_to_user'
(eval):18:in `_fast_attributes'
active_model_serializers (0.8.4) lib/active_model/serializer.rb:468:in `rescue in attributes'
active_model_serializers (0.8.4) lib/active_model/serializer.rb:455:in `attributes'
active_model_serializers (0.8.4) lib/active_model/serializer.rb:480:in `_serializable_hash'
active_model_serializers (0.8.4) lib/active_model/serializer.rb:359:in `serializable_hash'
active_model_serializers (0.8.4) lib/active_model/serializer.rb:343:in `as_json'

I’ve slipped it over to support as it’s a third-party plugin. :+1:


Does this problem persist after you upgraded?

With the original version of the plugin that was unmodified for years I never noticed this issue. Then when the update broke PMs between users I disabled the plugin. And now since I reenabled it with your latest fixes is when I noticed this issue.

So the issue does persist?

The issue with the user cards disappearing for anonymous users happens while GitHub - pfaffman/discourse-allow-pm-to-staff: Allow private messages to be sent to staff for users who could otherwise not send private messages. is enabled and resolves when the plugin is disabled.

1 Like

I believe that this bug has been fixed now. Please upgrade if you haven’t already.

Confirmed fixed, thanks!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.