upload fail topic #350311

Hi,

The code added to HikaShop regarding the improvement you're pointing at doesn't contain any of the changes discussed on this other thread.
We actually talked with a developer of JCHOptimize about the issue, and they proposed another modification so that the javascript of the uploader would get the CSRF token from Joomla before sending the AJAX request. That way, it would be up to date as JCH sets the CSRF token in the javascript so that it is not cached.
So with these modifications, the other modifications in the upload.php files shouldn't be necessary.

Now, with your feedback, I look deeper into it again, and I think I've made a mistake when implementing the changes. I've made a patch which should make it work without modification necessary in the uploader.php files.
Download again the install package of the 4.7.5 and install it on your website to get the patch and it should work without having to change the code in the uploader.php file.
If that still doesn't work, please provide a link to a page with the issue on your website so that we can look into it again (you can add the modifications again in that case, we'll still be able to study the issue).

Hi,

I still see the same javascript code on your page, without the modification I added yesterday.
I suppose you forgot to clear your JCHOptimize cache and thus you're still seeing the old code on the page and that's why it still didn't work.

Hi,

I just did a test and it worked fine and I can see the token in the upload request:
i.imgur.com/HYBhPJr.png
Could the problem be elsewhere ? Like you provided a file which isn't compatible with the restrictions you have in place ?

Hi,

Then I don't see why it would fail since now the token is properly provided by HikaShop during the upload.

We would need to investigate with a backend and FTP access. Could you provide that via our contact form ?
www.hikashop.com/support/contact-us.html

Hi,

The backend access you provided didn't work.

So I did some debugging with just the FTP access. I found today that contrarily to when I looked at the situation on your website 4 days ago ( www.hikashop.com/support/forum/checkout/...c-350311.html#354456 ) when it worked, the CSRF flag is not added to the AJAX upload request anymore.
I checked with FTP and I can still see the patch I've added a week ago.
I can also see the new code in the javascript to handle the CSRF flag on your page.
So this means that some of the javascript is not properly initialized on the page.
I think it comes from the javascript errors you have there:
i.imgur.com/NpQ7CJI.png
I think they are linked to a PayPal plugin. The error says that the client id is missing somehow.
However, I checked the cached JS of JCOptimize and I can see the client id in the URL:
i.imgur.com/WmmFo8d.png
So there might be some incompatibility with the JS SDK file of PayPal and JCHOptimize. I would recommend two things:
- JCHOptimize must have an option to turn off the caching of external files. Try turning this off and clearing the cache once. That should hopefully fix the javascript errors.
- This JS SDK file is only there to display messages on the product page. So it's not a crutial part. Supposing that you're using the PayPal Checkout plugin in HikaShop, there are display settings you can turn off in the payment method to not display these messages on the frontend listings / product details page / cart page, etc. Turn them off and then clear the JCHOptimize cache and it should fix the javascript errors.
Once the JS errors are fixed, the CSRF flag should be added to the AJAX upload request again, and the upload should work again without modifications in the code of HikaShop.

Hi,

Thanks for the message.

HikaShop actually doesn't do either of this.
When you're triggering the upload of a file on the page, the HikaShop javascript will now call

Joomla.getOptions("csrf.token", "")