picture not diplay normally

[notfresh]

Describe the bug
The picture in comment not display normally

To Reproduce
Steps to reproduce the behavior:

1. install the answer by docker run -d -p 9080:80 -v answer-data:/data --name answer apache/answer:latest
2. update my avartar, it shows normally
3. post an answer
4. the picture in the answer post did not diplay normally but I can find it in the volume /data/upload/post

Expected behavior
The image shows normally

Screenshots

Platform (please complete the following information):

• Device: [e.g. Desktop, Mobile]
• OS:
  LSB Version: core-11.1.0ubuntu2-noarch:security-11.1.0ubuntu2-noarch
  Distributor ID: Ubuntu
  Description: Ubuntu 20.04.6 LTS
  Release: 20.04
  Codename: focal
• Browser: microsoft Edge
• Version: docker image apache/answer latest d3da45f971e2 21 hours ago 110MB

[notfresh]

[LinkinStars]

@notfresh You can check as follows.

1. Confirm that the image url can be accessed directly from your browser.
2. Is there any error log output?

[notfresh]

@LinkinStars the image can't be visited from brower, it redirect to another page with a tip 403

I use docker ps CONTAINER_NAME , only to find some log:

2023-12-01 05:01:36.106 ERROR   gin/context.go:891      net/http: invalid Cookie.Domain "MyIP:9080"; dropping domain attribute
2023-12-01 05:01:38.155 ERROR   gin/context.go:891      net/http: invalid Cookie.Domain "MyIP:9080"; dropping domain attribute
2023-12-01 05:02:09.515 ERROR   gin/context.go:891      net/http: invalid Cookie.Domain "MyIP:9080"; dropping domain attribute

which was too old and not match the image error

I run docker deamon and docker container with the only user root.

[LinkinStars]

@notfresh This issue has been asked before. FYI: #502 (comment)

[notfresh]

@LinkinStars I have aquestions:

Why does the picture I set as my avatar which I upload could show on the web page normally?

As you said in the #502 issue, the problem could be settled with domain name , but why the avatar could show normlly IN IP VISIT MODE ?

Is there any authentication mechanism to block the picture by ip visit but no such a check on avatar? I have logged in the brower and with cookie open

[LinkinStars]

@LinkinStars I have aquestions:

Why does the picture I set as my avatar which I upload could show on the web page normally?

As you said in the #502 issue, the problem could be settled with domain name , but why the avatar could show normlly IN IP VISIT MODE ?

Is there any authentication mechanism to block the picture by ip visit but no such a check on avatar? I have logged in the brower and with cookie open

@notfresh Thank you for your question. Yes, the two have different validation rules. Since avatars may come from different sources such as gravatar. So it is currently left open for avatars. Since the essential aspect of this requirement is actually that we don't want the content of the user's question or answer to be posted somewhere else in private mode. Surely, we will consider your point about private access for avatars though.

[yuanjinger]

Turning off this configuration allows the images to be displayed correctly

[magjogui]

So, this is a bug?, there is another way to solve it?, and keep the setting as "login required=true"?

[upcc-jesse]

Turning off Login Required also fixes the issue for me, but I need to keep this setting enabled. Any solution?

[LinkinStars]

Turning off Login Required also fixes the issue for me, but I need to keep this setting enabled. Any solution?

Configuring and using a domain can solve this problem.

[upcc-jesse]

Turning off Login Required also fixes the issue for me, but I need to keep this setting enabled. Any solution?

Configuring and using a domain can solve this problem.

I'm using a domain (https + valid cert). Problem persists.

[LinkinStars]

Turning off Login Required also fixes the issue for me, but I need to keep this setting enabled. Any solution?

Configuring and using a domain can solve this problem.

I'm using a domain (https + valid cert). Problem persists.

@upcc-jesse Thanks for the feedback. Is there an error log for this? Actually, the error invalid Cookie.Domain no longer exists for images accessed via a domain.

[upcc-jesse]

Interestingly it's first a HTTP 302 response when trying to fetch the picture, which redirects to the 403 page. I'm guessing this is just a quirk of how the server handles 40x errors?

No logs are generated - in fact, the application generates very few logs overall, even with LOG_LEVEL set to DEBUG. When fetching the image, no log is generated.

[LinkinStars]

@upcc-jesse Please confirm two issues. The first is whether cookies are allowed in your browser, or whether the problem is the same in other browsers. The second is whether the image can be opened by accessing the image address url directly. Thanks.

[upcc-jesse]

The image cannot be accessed directly in the browser.
Cookies are allowed in the browser (Firefox)
The issue does not occur in Google Chrome, Edge, or even Firefox in a private session.

It working in a Firefox private session appears to point at something being cached or in a cookie.
I had previously done a force refresh (CTRL+F5) in my usual Firefox session in an attempt to troubleshoot this, but that did not solve the issue.

With this new info I went to Firefox's Developer Tools (F12) -> Storage and deleted everything from this tab - specifically cookies, but there was also data in Local Storage and Session Storage. Images now load as expected.

Thanks for your help troubleshooting.