Project

General

Profile

Bug #94

Blocking android chrome browser

Added by Spuds Cooks about 5 years ago. Updated almost 5 years ago.

Status:
Accepted
Priority:
Normal
Target version:
Start date:
09/18/2014
Due date:
% Done:

0%

Estimated time:

Description

When trying to download a file using android chrome (nexus 10), BB blocks the attempt with: 17566707

This occurs in function bb2_safari($package) as the browser is identified by:
Mozilla/5.0 (Linux; Android 4.4.4; Nexus 10 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.117 Safari/537.36

I updated the check to be:
if (!array_key_exists('Accept', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Android") === FALSE) {

that prevents the block.

History

#1

Updated by Michael Hampton about 5 years ago

  • Status changed from New to Feedback

Cannot reproduce.

Check that your phone's Internet connection is not being proxied by your mobile carrier, ISP or government.

Check that your web server is not behind an improperly configured reverse proxy.

#2

Updated by Spuds Cooks about 5 years ago

I've had several users report the issue when they click on download links, the link works fine in all other browsers except chrome on an android device. On that they get a 403 for the reason above. It happens on different servers, in different counties, etc, its not a single install, single server issue.

I inspected the headers with my android tablet via remote debugging chrome desktop, they appear fine (meaning they are correct for what chrome android expects for content headers to download a file) Perhaps you see something missing, but again its only an issue for chrome/android.

example link:
http://elkarte.spudsdesign.com/community/index.php?action=dlattach;topic=1124.0;attach=777
this works fine except on android chrome which BB fails (andorid 4.4.4, chrome 37)

#3

Updated by Michael Hampton about 5 years ago

Where did you get this code? Is it up to date? Chrome/Android 37 does not fail on any other Bad Behavior-enabled site.

#4

Updated by Spuds Cooks about 5 years ago

The code is up to date, its attachment download code for SMF, Wedge, ElkArte forum softwares. I'd imagine its similar to what you would see in PHPBB etc as well. Its pretty basic, it acts on the action in the GET request, finds the file in the db and returns it with appropriate headers.

The link above works find in Dolphin and Firefox in Android, its just something chrome in android is doing, or not doing. Wish I could give you more information, but its another example of chrome/android mishandling headers.

I understand not wanting to change without more details, feel free to close this, its here as a workaround for those that experience the issue.

#5

Updated by Michael Hampton about 5 years ago

  • Status changed from Feedback to Rejected

The "Bad Behavior for SMF" which was published by butchs is unofficial and unsupported. It contains changes to the Bad Behavior core which alter its core blocking behavior, and therefore I cannot support it.

#6

Updated by Spuds Cooks about 5 years ago

Holy left turn, where did that response come from? lol

The link that fails is not even on an SMF forum (you did look at the link?) and the addon in use is 100% unmodified BB core 2.2.15, with a standard interface file such that its compliant with the license.

The "SMF" in my response was to your "Where did you get this code" which I assumed was asking how the supplied link, that BB fails, is processed on the server.

None of that even matters, use that link, chrome on android does not supply an accept header and BB fails it, before the file request is even processed.

#7

Updated by Michael Hampton about 5 years ago

  • Status changed from Rejected to Feedback

Where is this addon?

#8

Updated by Spuds Cooks about 5 years ago

https://github.com/elkarte/Elkarte/tree/master/sources/ext/bad-behavior is the one at the test link.

or

https://github.com/Wedge/wedge/search?utf8=%E2%9C%93&q=bad+behavior although that one is like the SMF one I'd guess.

Both of the above projects are derivatives (forks) of SMF so they have essentially the same link handling in the software. I used the SMF name since that was/is the "parent" and far more familiar software.

Just tried this one: https://github.com/nealpoole/fluxbb-bad-behavior on a fluxbb board and it also seems to fail the link (on android chrome).

#9

Updated by Michael Hampton about 5 years ago

  • Status changed from Feedback to New

All right, I think I have enough info to start looking into it.

#10

Updated by Michael Hampton almost 5 years ago

  • Status changed from New to Accepted

Also available in: Atom PDF