Any word on UCS support Open Project version 8.0+? `X-Forwarded-Proto` header issue - error 422


#1

Hello is there any word on will UCS will support Open Project version 8.0+?

[RE: Upgrade on Univention 4.3-3 errata390 - from OP 4.3 --> 8.1 - 422 Unable to verify Cross-Site Request Forgery token. Did you try to submit data on multiple browsers or tabs? Please close all tabs and try

Quote

Hello,

this is a known issue of the UCS setup in combination with HTTPS access to OpenProject. The UCS team is working on a fix. It is indeed connected to the X-Forwarded-Proto header that needs to be set from both the outer and inner Apache worker.

Best regards,


Thanks for your hard work


#2

Hi,

even though I am unsure what exactly you are asking for here I will answer the question about supporting newer versions.

The vendors of the apps are the only responsible for updating them. If a vendor decides to update its app to a later version it is up to him. If not, it will remain at the current version.
Univention supports the vendors in integrating the apps into UCS and performs some compatibility checks before releasing.

Having said this it is clear Univention has no real insight when and if an app will be updated. Just to clear this up.

/CV


#3

Thanks for looking - this is what they are saying over at the Open Project forum, in relation to why v8.1 doesnt work with Univention. it took about 2 weeks to finally figure out what was going on here, so it could be helpful to post it out there so people stop trying to troubleshoot it until UCS resolves the issue on the inner proxy server in UCS apache version. it evidently is not allowing the X-Forwarded-Proto header through both sides, which is required for the https to function. If ssl is being forced through UMC this renders OP non-working with constant 422 error, breaking the install. It shows up in UMC as an update, but once it is executed it breaks Open Project permanently

It is alarming to hear you say UCS has no version control with the apps it is advertising as easy to install and maintain, apps which businesses may come to rely upon, just to have taken away in the next update release. Why should I sell your platform to my clients given this is the case, when I would be setting myself up to fail, ruining my reputation with the business I am servicing for future contracts. Cant you see from my perspective that maybe Univention is coming up short in its sales pitch?

Maybe it could be resolved with more documentation in the UMC notification area that is not just empty update fields, but useful information about whether a particular app hosted in Univention should or should not be updated as of current release of UCS. Nag screens within each app that advise you to upgrade should be disabled until UCS is current with it perhaps, to avoid nastiness.

Otherwise we end up having sold a business a platform that is temporary, as opposed to being a stable component of network infrastructure, or trapped trying to fix the problems caused by a previous IT manager’s choice to use your platform. We wanted true open source, not shareware. It looks like much of the attempt to update may just be the individual app developers drive to get you into their paid products, with little thought given to ensuring stable upgrade paths


#4

Today a new version of OpenProject has been released which addresses the mentioned issue.
It should work now.

But there is a little issue: http:// has been disabled totally so the app can only be reached through https://.

/CV


#5

awesome! Thank you for the fast response


#6

Hello again Christian - thanks for your responsiveness. I am still getting the same error 422 - I have posted a follow up here: