Error when download url is in a s3 bucket

Hello !

I’m looking for a solution like OnlyOffice for a client.
So I’m actually trying OnlyOffice, that’s my favorite but I have an annoying error.

I’m running with Document Server in docker.
And the web application is made with React/NextJS, when I want to open a file, I have the following error : Download failed.

When I go on the server logs, I have :
nodeJS - error downloadFile:url=https://***/test.docx;attempt=3;code:undefined;connect:undefined Error: Error response: statusCode:400; headers:{“x-amz-request-id”:"",“x-amz-id-2”:"",“content-type”:“application/xml”,“transfer-encoding”:“chunked”,“date”:“Wed, 18 Jan 2023 16:06:21 GMT”,“server”:“AmazonS3”,“connection”:“close”};

The file is open access with my s3 bucket, the CORS config is * and I tried to download the file with curl within the docker container and its working.

I really don’t understand why I get this error, can someone help me ?

Thanks.

1 Like

Hello @KylianBrun
Do I understand it right that there’s no any authentication on the storage (s3) side? It’s important thing so Document server could be able to take a file. You can run a simple test, copy\paste url to the file to your browser tab. If you are able to download the file, most likely Document server can do it too.
Also please check mutual availability between servers with wget\telnet commands. If it doesn’t help, please reproduce the issue and provide us with whole Document server logs folder (by the way, please let us know your Document server version).

Hello @Alexandre !

Thanks for you reply !

Yes, the authentication is disabled for this bucket/item.
I tried to wget the file with the same link inside the VM and it’s working.
I also tried to wget the file inside the docker container and it’s working too.

This is the full error, I have this error each time I try to open the editor



This is on version : 7.2.2.56

I’ve taken url to the file from your log and pasted it to browser. File is available. Are there any error entries in out.log file of docservice folder?
Also please reproduce the issue with open browser console (F12 in Google Chrome). Please check ‘Console’ and ‘Network’ tabs > make screenshots of any error entries.

I’m having the exactly same issue with version 7.3, did you finally know how to solve this issue?

Hello @isaza00
Unfortunately, topic starter didn’t come back with new information, so investigation was stopped.
As for your situation, please provide us with details:

  1. Document server version, guide which you used for installation process.
  2. Do you integrate Document server with your own self-written storage or ready-to-go one (such as Nextcloud, ownCloud, Seafile, etc.)?
  3. Please reproduce the situation and provide us with exact issue scenario (if it’s possible, please make screenshots)
  4. When the issue is reproduced, please provide us with Document server logs folder.

Also please run a test. Please try to disable JWT on the Document Server’s side or try to change the header.

  1. Open /etc/onlyoffice/documentserver/local.json

  2. Find the following section:

     "inbox": {
       "header": "Authorization",
       "inBody": false
     },
     "outbox": {
       "header": "Authorization",
       "inBody": false
     }
    

    },

  3. Change the header values, so the section looks like this:

     "inbox": {
       "header": "AuthorizationJwt",
       "inBody": false
     },
     "outbox": {
       "header": "AuthorizationJwt",
       "inBody": false
     }
    

    },

  4. Close and save the config, restart all Document Server services with supervisorctl restart all;

  5. Try once again to open the file.

Hello @Alexandre !

Sorry, I wasn’t available for this project recently.

I think you’re right and this is a JWT problem. I made network logging and the Document Server send JWT/Auth headers to AWS that AWS refuse.

How can I disable JWT ? The document server is in a docker container on my machine and I can’t access to /etc/onlyoffice/documentserver/local.json file.

Thanks for you help !

You can go inside the container with docker exec -it ID_of_container bash command > nano /etc/onlyoffice/documentserver/local.json
You can check ID of container with docker ps command.

I just solve my problem this morning.

For @isaza00 and maybe others, when you use the docker container of OnlyOffice, by default JWT token is enabled for incoming and outcoming requests.
You cannot disable only for outcoming requests but you can’t have an Authorization header when requesting AWS S3 file because it will be rejected.

So I needed to clone the Docker-DocumentServer of OnlyOffice and modify the run-document-server.sh file (and build the docker image)

There is my changes :

Thanks you for your help @Alexandre !

Hello @KylianBrun
We’re glad that you managed the situation.
By the way, I believe there’s the simplest way to disable JWT on Document server side. The necessary settings are located inside the container here: /etc/onlyoffice/documentserver/local.json
If you change anything in local.json file, you have to run supervisorctl restart all command to accept changes.

If anyone is still having this issue and wants a solution that still uses JWT tokens for everything except for downloading the document from S3 for example, edit the /etc/onlyoffice/documentserver/local.json file and set the services.CoAuthoring.token.enable.browser field to false

Hello @bfogiel
Thank you for your sharing.
Just a tip. In such cases like error DownloadFile +statuscode:400 in the logs as topic starter provided (in case of using AWS S3) , please try to disable the “outbox” parameter. This should be enough to resolve the situation:

"token": {
    "enable": {
      "request": {
        "inbox": true,
        "outbox": false
      },
      "browser": true
    },

The only issue with disabling outbox was that OnlyOffice would not send the token to my backend callback url to save the document which I need for security reasons.

Although you may be referring to a slightly different issue than I. I was getting 404s when OnlyOffice was trying to download from s3

It seems so. However, thank you for your sharing. I hope it will help other users in the similar cases.