[2.1.x] Could not retrieve the file current-version.js about smf HOT 12 OPEN

They seem to indicate that CloudFlare does not support the proper Host header in the calls. If CF does not respect this, they are breaking the RFC standard indicated here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23
I doubt CF is breaking a very critical RFC. I've tested both fsocket and curl implantations and both work on my systems. Which seems to prove this point false. The RFC says the port number is valid as we have specified in the system. The only default is that without the port specified, it defaults to the default port, which is 80. Our systems still respond on port 80 for services like the SMF files as to not break installations that have not updated.

Altervista indicates they are using a customized version of PHP

“Optimized for Altervista” PHP 7.3, a release of php checked by the Altervista team and stitched around the platform, with big improvements in terms of performances and security

I am going to say their "customized" version of PHP, is causing this issue. I don't know if 8.0 that they have is customized as well. It may also be that they are not handling the HTTPS implantation correctly.

from smf.

Interesting points, but it would be even more interesting to understand why version 2.0.19 is not affected. Is there anything special introduced in 2.1.x that could explain this?

from smf.

2.0 tries curl first, whereas 2.1 tries fsocketopen first. The socket connection succeeds but the connection later fails if wha they say is true that they are rejecting the connection because of the port in the Host header.

from smf.

Just to avoid possible misunderstandings, I don't have CloudFlare enabled on my Altervista account and I can still reproduce the issue. Altervista started to remove its support (and vice versa) from May 2022, so I think CF here is irrelevant: 293526-cloudflare-disattivato-senza-motivo.html#post1486965

I'm going to inform their support thread about the existence of this issue, so any suggestion coming from either side would be appreciated.

from smf.

An Altervista staff member recently provided a workaround that seems to work.
However, it's not the best and I hope there will be a permanent fix on their side or on the SMF side.

from smf.

Looks like they are having you connect to a local proxy and it is connecting out.

from smf.

How many issues related to this host have been reported now? Software packages can code as defensively as possible, but at the end of the day a strangely configured host environment will always be able to break things.

In this case, it appears that the host is interfering with outbound requests in some fashion. The solution would be for them to stop doing that.

from smf.

I've been having similar issues on different hosting providers since I started using SMF. With the test script from the URL above:

<?php
$fp = fsockopen("www.simplemachines.org", 443, $errno, $errstr, 30);

if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /smf/current-version.js?version=SMF+2.1.1 HTTP/1.1\r\n";
    $out .= "Host: www.simplemachines.org\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>

… my current server (hosted by Contabo) returns the following:

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sun, 11 Jun 2023 10:41:28 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare</center>
</body>
</html>

Until now I didn't even know they were using Cloudflare.

from smf.

Then again, their other test script that is using the SMF code seems to work for me, returning string(32) "window.smfVersion = "SMF 2.1.4";".

from smf.

Huh, apparently it works with my current hosting provider, and I didn't notice for almost a year. 🤡

from smf.

If your using fsocketopen, you need to prefix the hostname with ssl://, in addition to the port number.
https://stackoverflow.com/questions/1757957/how-do-i-get-ssl-working-in-fsockopen

The port number alone won't tell it to use https.

from smf.

I can confirm that it also works when using the fixed script:

<?php
$fp = fsockopen("ssl://www.simplemachines.org", 443, $errno, $errstr, 30);

if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /smf/current-version.js?version=SMF+2.1.1 HTTP/1.1\r\n";
    $out .= "Host: www.simplemachines.org\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>

This results in the following:

HTTP/1.1 200 OK
Date: Mon, 12 Jun 2023 10:36:07 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, must-revalidate
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 10 Jun 2023 17:24:13 GMT
etag: "[…]"
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=[…]"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: […]-FRA

20
window.smfVersion = "SMF 2.1.4";
0

PS: I only realized after my last post that Cloudflare might also be on the SMorg side, not at my hoster.

from smf.