Panel saving files error

Kirby 3 Questions 🤔
1

Hello,
I am almost ready with my first Kirby website. But I got stuck with an erros when I publish it on a Linux server.

I edited the blueprints/file/default.yml to be able to add a CAption and a ALT text to the images. The default.yml file looks like this:

title: Image
options:
  update:
    admin: true
    editor: true
columns:
  - width: 1/2
    sections:
      content:
        type: fields
        fields:
          caption:
            label: Caption
            type: textarea
            size: medium
  - width: 1/2
    sections:
      meta:
        type: fields
        fields:
          alt:
            label: Alternative Text
            type: text

On local Windows server is working fine. But when Igo to the Linux server and try to change a ALT text it gives me an error:
The form could not be saved
Exception: undefined

  • The JSON response from the API could not be parsed. Please check your API connection.*
    If I have a look art the JSON response looks like:
status “error”
route “(.*)/files/([a-zA-Z0-9\.\-_%= \+\@\(\)]+)”
exception “Kirby\Exception\PermissionException”
message “Unauthenticated”
key “error.permission”
file “concomitentes/kirby/config/api/authentication.php”
line 12
details []
code 403

Any clue what could be happening?

Thanks

Jorge

2

Have you tried to clear your /site/sessions folder and cleared the browser cache? This seems to be a problem with the session token.

Can you edit pages? Does this only happen when editing the alt field? I guess you get the same error when editing the caption field.

3

Thanks for your replay.
I have tried to clear de sessions , cache and cookies. It is not working. I can edit all the pages and add pages wihtout any problem , it is just when I tried to modify ALT or caption on images.

4

What if you remove the options from the blueprint?

5

I tried, not working. I actually made the blueprint very simple:

title: Image
fields:
alttext:
label: Alternative Text
type: text
width: 1/2

But stil not working. I can rename the file and add files. But I cannot delete them, I get the same error.

6

Hm, I look into this later.

7

Let’s give you an update. Still not working, I have tried deleteing the sessions again and trying on a new browser, and it didn’t help. I have been playing with the file
/kirby/config/api/authentification.php

// csrf token check
if ($auth->type() === ‘session’ && $auth->csrf() === false) {
throw new PermissionException(‘Unauthenticated’, 403);
}

I checked thath $auth->type() is “session” and when I try to send in the response $auth->csrf() it is empty, should it have a value?? it doesn’t print “false” neither.

8

Hm, this is weird. The token is used for everything and I have no clue at all while it should stop working for file metadata but not other stuff.

Could you test and deploy a completely fresh Starterkit on that same server, and try to add some data to a file. To be able to create a Panel account on the remote server, you have to add

  'panel' =>[
    'install' => true
  ]

to the /site/config/config.php's return statement.

10

I‘m having the same issue. In the past it worked fine, not sure what happened. I recently updated to the latest Kirby version.

My setup is php 8.0, and the issue only happening on files, not pages

11

I have to ask the same question as above: When you upload a fresh 3.9.7 Starterkit to the server, do you get the same issue?

Did the issue happen directly after updating, or did it work after the update, but stopped working later?

Do you see any error messages in your browser console, in the PHP error logs or in the server error logs?

Does this also happen when you update a file programmatically ($file->update()) or only via the Panel?

Does this issue affect any file or only file with a specific template?

12

Will do all of this test and go back, thaks!

13

the problem was with a specific file extension. My webiste has some httacess rules to prevent hotlinking. So when going to edit the file fields the console showed a 403 error when loading the file in the panel.
I removed the httacess rules and it works again but I would like to keep the rules. Is there any workaround?

just in case these are the httacess rules:

RewriteCond %{HTTP:Origin}  !^$|http(s)?://(www\.)?\.mysite\.com$ [NC]
RewriteRule \.(woff2|woff|ttf|otf|eot)$ - [NC,L]
RewriteCond %{HTTP_REFERER} !.
RewriteRule \.(woff2|woff|ttf|otf|eot)$ - [F,NC,L]