Client uses wrong base URL for /app/list endpoint

[daniel-lerch]

Pre-submission Checks

• I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
• I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the bug

On initial startup, the ownCloud Desktop Client synchronizes files but is caught in an endless loop and requests the following endpoints:

• GET /owncloud/owncloud/app/list
• GET /owncloud/status.php
• GET /owncloud/ocs/v2.php/cloud/user?format=json
• GET /owncloud/remote.php/dav/avatars/USERNAME/128.png
• PROPFIND /owncloud/remote.php/webdav/

See the logs section for a link to a server log excerpt.

This has two main effects:

1. Wasted bandwidth and server-sided CPU usage
2. Reconnect after sleep does not work anymore and the client process must be restart to get sync running again

Expected behavior

Instead of /owncloud/owncloud/app/list the client should request /owncloud/app/list and not get caught in an endless loop.

Steps to reproduce the issue

1. Setup an ownCloud server with a custom base path, e.g. https://example.org/owncloud
2. Configure synchronization with an ownCloud Desktop Client v5.0.0 (I never experienced the same issue with earlier versions)
3. Start the sync client
4. Watch constant bandwidth usage by ownCloud in Task Manager
5. Watch 55-60 requests per seconds in your server logs

Screenshots

No response

Logs

Log excerpt from ownCloud Docker Container

Client version number

ownCloud 5.0.0.12278 8f9152
Qt Bibliotheken 6.4.3, OpenSSL 3.1.2 1 Aug 2023
verwenden die Erweiterung für virtuelle Dateien: wincfapi
OS: windows-10.0.22621
QPA: windows

Desktop environment (Linux only)

No response

Client package version and origin (Linux only)

No response

Installation path (Windows only)

C:\Program Files\ownCloud

Server information

ownCloud 10.13.2.3 from docker.io/owncloud/server:10.13

Note that my ownCloud server is running behind an NGINX reverse proxy with a custom base path, e.g. https://example.org/owncloud

Reverse proxy configuration via environment variables for ownCloud Container:

OWNCLOUD_DOMAIN=example.org
OWNCLOUD_SUB_URL=/owncloud

Reverse proxy configuration via config.php entries:

  'trusted_domains' =>
  array (
    0 => 'example.org',
  ),
  'trusted_proxies' =>
  array (
    0 => '172.31.255.2',
  ),
  'overwrite.cli.url' => 'https://example.org/owncloud',
  'htaccess.RewriteBase' => '/owncloud',
  'overwritehost' => 'example.org',
  'overwriteprotocol' => 'https',

NGINX configuration without workarounds:

    location /owncloud {
        set $upstream owncloud-app;

        proxy_pass http://$upstream:8080$request_uri;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Host $host;
    }

Additional context

As a workaround, I mapped /owncloud/owncloud/app/list to /owncloud/app/list in my NGINX reverse proxy configuration. With this workaround in place, all problems described here do not appear anymore.

[michaelstingl]

ownCloud desktop should query what your /ocs/v1.php/cloud/capabilities announces:

curl -s -u "test:test" "https://demo.owncloud.com/ocs/v1.php/cloud/capabilities?format=json" | jq ".ocs.data.capabilities.files.app_providers"
[
  {
    "enabled": true,
    "version": "1.1.0",
    "apps_url": "/app/list",
    "open_web_url": "/app/open-with-web",
    "new_url": "/app/new"
  }
]

You could upload your debug log, including HTTP requests and responses here:

• https://cloud.owncloud.com/s/1UYKMoRQ0BLwfJ1

Here you can find more information:

• https://doc.owncloud.com/desktop/5.0/appendices/troubleshooting.html#obtaining-the-desktop-app-log-file

[daniel-lerch]

@michaelstingl I have uploaded a client logfile to the upload link you gave me.

My ownCloud server announces the following capabilities:

[
    {
        "enabled": true,
        "version": "1.1.0",
        "apps_url": "\/owncloud\/app\/list",
        "open_web_url": "\/owncloud\/app\/open-with-web",
        "new_url": "\/owncloud\/app\/new"
    }
]

These URLs are correct when appended to the host but not correct if appended to the root URL.

[michaelstingl]

"apps_url": "/owncloud/app/list",

@DeepDiver1975 this looks wrong. Server issue? Does not respect proxy configuration via config.php?

[DeepDiver1975]

Proxy config is respected. That's why the generated url contains the sub folder.

Anywhere on the web /foo/bar means: this is the full path to be used.

So in this case where owncloud is living in https://example.com/owncloud a url in style /owncloud/app/list should resolve to https://example.com/owncloud/app/list.

Where as /app/list shall resolve to https://example.com/app/list

[DeepDiver1975]

In contrast relative path resolution would look like
app/list -> https://example.com/owncloud/app/list if called on an owncloud in a sub folder

Clients should be capable to properly resolve both - in theory. In the end we can agree on using one or the other - but we should do it correctly.

[TheOneRing]

In contrast relative path resolution would look like app/list -> https://example.com/owncloud/app/list if called on an owncloud in a sub folder

Clients should be capable to properly resolve both - in theory. In the end we can agree on using one or the other - but we should do it correctly.

The client does not follow redirects.

[DeepDiver1975]

I am not talking about redirects. I only explain how paths are resolved ....

[TheOneRing]

[16/Oct/2023:11:27:32 +0000] "GET /owncloud/owncloud/app/list HTTP/1.1" 302 940 "-" "Mozilla/5.0 (Windows) mirall/5.0.0.12278 (ownCloud, windows-10.0.22621 ClientArchitecture: x86_64 OsArchitecture: x86_64)"

[grohart]

I had the same infinite loop on /owncloud/owncloud/app/list with ownCloud server 10.13.2-1 installed behind a NGINX proxy and using the 5.0.0.12278 client, the following line in my NGINX config seems to stop this loop and the sync is working as usual

location /owncloud/owncloud { return 410; }

[atroxix]

In my case at some point OwnCloud server started being bombarded very aggressively by users. After adding the same rule in Apache (RedirectMatch 410 ^/owncloud/owncloud/app/list$), the number of queries against the server lowered by approximately 40 times (with around 10 users).

It seems to be happening with OwnCloud client 5+ - one user's client was first upgraded to 5.1.2.12600 (behaved the same way) and then downgraded to 4.2 (although I still saw it querying /owncloud/owncloud/app/list endpoint, the number of queries was reduced dramatically right away).

[michaelstingl]

You could upload your debug log, including HTTP requests and responses here:

• https://cloud.owncloud.com/s/1UYKMoRQ0BLwfJ1

@daniel-lerch looks like HTTP logging wasn't enabled

 % cat ownCloud.log| grep sync.httplogger | wc -l
       0

Here you can find more information:

• https://doc.owncloud.com/desktop/5.1/appendices/troubleshooting.html#log-http-requests-and-responses

[daniel-lerch]

@michaelstingl can I create you an account on an ownCloud of mine to debug this issue yourself or do you need my HTTP logs? Because of so many comments from other users, I'm sure this issue is reliably reproducible.

[michaelstingl]

@daniel-lerch sure, you can send a test account to apps-at-owncloud.com

[michaelstingl]

Anywhere on the web /foo/bar means: this is the full path to be used.

@DeepDiver1975 could you point to a HTTP spec / RFC something? Needs to be checked across all clients.

[michaelstingl]

@DeepDiver1975 as a workaround, can the .ocs.data.capabilities.files.app_providers be disabled?

[DeepDiver1975]

@DeepDiver1975 as a workaround, can the .ocs.data.capabilities.files.app_providers be disabled?

maybe by setting this to false - https://github.com/owncloud/core/blob/11076ecce92b44d82f18dcffa8696fa272410ea3/lib/private/OCS/CoreCapabilities.php#L58

[DeepDiver1975]

@DeepDiver1975 could you point to a HTTP spec / RFC something? Needs to be checked across all clients.

Nothing in by head directly ..... but you can basically demo this to yourself in a terminal .... both commands below have a different meaning depending on pwd.

pwd can be / or /owncloud in our context

ls /app/list
ls app/list

[daniel-lerch]

@daniel-lerch sure, you can send a test account to apps-at-owncloud.com

@michaelstingl I sent you an email to the specified address with credentials to a test instance that you can use to debug this issue.

[saw-jan]

Tested with ownCloud 5.2.0.12670-rc.1 [2b74be]
Client requests to /owncloud/app/list and not get caught in an endless loop ✔️