joomla/Component-Builder
joomla/Component-Builder
41
25
Fork 11
Code Issues 90 Pull Requests Projects 4 Wiki Activity

[BUG]: Cloudflare is making it impossible to upgrade #1210

New Issue
Open
opened 2025-03-12 20:54:00 +00:00 by AntzCode · 1 comment
AntzCode commented 2025-03-12 20:54:00 +00:00
Copy Link

What Happened?

With Joomla! installed on localhost, I installed version 5.0.4-beta1.

Today I have attempted to perform updates through Extensions > Manage Extensions, it keeps showing an error:

Update: Could not open update site #4 "Component Builder", URL: https://git.vdm.dev/joomla/Component-Builder/raw/branch/5.x/componentbuilder_update_server.xml

I have attempted to load this URL and was blocked by Cloudflare "Please verify you are human". After complying with their request, I can then see the contents of the XML file in the browser tab, however when I then try to do the updates again in Joomla!, it gives the same error message.

Steps to reproduce the Bug

Install Joomla! on localhost.
Install JCB v5.0.4-beta1.
Go to System > Extensions > Manage Extensions.
Click "Check for Updates"

It should show available updates, however it shows an error message instead "Update: Could not open update site #4 "Component Builder", URL: https://git.vdm.dev/joomla/Component-Builder/raw/branch/5.x/componentbuilder_update_server.xml"

Which Joomla version are you compiling in?

5.2.5

Which PHP version are you compiling in?

8.1.31

Which Joomla versions are you targeting?

3 and 5

Which PHP version are you targeting?

7.4,8.1, 8.2

Which Web server is JCB running on?

Dockerfile from php:8.1-fpm-bullseye

Which Relational Database is JCB running on?

Docker image mysql:8.0.40-debian

Which OS is JCB running on?

Debian Bullseye

Which JCB version are you using?

v5.0.4-beta1

Where in JCB did this issue occur?

Other

On which browsers did you encounter the issue?

Firefox, Chrome, Microsoft Edge

Additional Comments

I was also not able to upgrade Joomla! Core from 5.2.2 to 5.2.5 through the administrator control panel, it was giving some error message "File checksum failed", so I had to go and download the upgrade zip file and upload it manually. It was then able to upgrade to 5.2.5 successfully.

I have tried to do the upgrade on three browsers: Firefox, Chrome and Microsoft.

I am using a Windows 11 OS behind a corporate firewall. I have also tried disconnecting from that network and connecting to my Mobile Phone's WIFI hotspot, but it still gives the same error message "unable to load the xml file".

### What Happened? With Joomla! installed on localhost, I installed version 5.0.4-beta1. Today I have attempted to perform updates through Extensions > Manage Extensions, it keeps showing an error: Update: Could not open update site #4 "Component Builder", URL: https://git.vdm.dev/joomla/Component-Builder/raw/branch/5.x/componentbuilder_update_server.xml I have attempted to load this URL and was blocked by Cloudflare "Please verify you are human". After complying with their request, I can then see the contents of the XML file in the browser tab, however when I then try to do the updates again in Joomla!, it gives the same error message. ### Steps to reproduce the Bug Install Joomla! on localhost. Install JCB v5.0.4-beta1. Go to System > Extensions > Manage Extensions. Click "Check for Updates" It should show available updates, however it shows an error message instead "Update: Could not open update site #4 "Component Builder", URL: https://git.vdm.dev/joomla/Component-Builder/raw/branch/5.x/componentbuilder_update_server.xml" ### Which Joomla version are you compiling in? 5.2.5 ### Which PHP version are you compiling in? 8.1.31 ### Which Joomla versions are you targeting? 3 and 5 ### Which PHP version are you targeting? 7.4,8.1, 8.2 ### Which Web server is JCB running on? Dockerfile from php:8.1-fpm-bullseye ### Which Relational Database is JCB running on? Docker image mysql:8.0.40-debian ### Which OS is JCB running on? Debian Bullseye ### Which JCB version are you using? v5.0.4-beta1 ### Where in JCB did this issue occur? Other ### On which browsers did you encounter the issue? Firefox, Chrome, Microsoft Edge ### Additional Comments I was also not able to upgrade Joomla! Core from 5.2.2 to 5.2.5 through the administrator control panel, it was giving some error message "File checksum failed", so I had to go and download the upgrade zip file and upload it manually. It was then able to upgrade to 5.2.5 successfully. I have tried to do the upgrade on three browsers: Firefox, Chrome and Microsoft. I am using a Windows 11 OS behind a corporate firewall. I have also tried disconnecting from that network and connecting to my Mobile Phone's WIFI hotspot, but it still gives the same error message "unable to load the xml file".
screenshot-localhost-2025.03.13-09_51_07.png
91 KiB
screenshot-localhost-2025.03.13-09_51_07.png
AntzCode added the
Bug
 label 2025-03-12 20:54:00 +00:00
AntzCode commented 2025-03-12 23:12:57 +00:00
Author
Copy Link

I have obtained some information for debugging. This is the content of $response after $response = $http->get($url, [], 20); at line 251 of /libraries/src/Updater/UpdateAdapter.php

I can see a 403 "Forbidden" response is being returned by Cloudflare. I would imagine that Cloudflare is choosing to forbid the PHP Http Client because it is regarding it as a bot:

object(Joomla\CMS\Http\Response)#1586 (7) { ["phrases":"Laminas\Diactoros\Response":private]=> array(66) { [100]=> string(8) "Continue" [101]=> string(19) "Switching Protocols" [102]=> string(10) "Processing" [103]=> string(11) "Early Hints" [200]=> string(2) "OK" [201]=> string(7) "Created" [202]=> string(8) "Accepted" [203]=> string(29) "Non-Authoritative Information" [204]=> string(10) "No Content" [205]=> string(13) "Reset Content" [206]=> string(15) "Partial Content" [207]=> string(12) "Multi-Status" [208]=> string(16) "Already Reported" [226]=> string(7) "IM Used" [300]=> string(16) "Multiple Choices" [301]=> string(17) "Moved Permanently" [302]=> string(5) "Found" [303]=> string(9) "See Other" [304]=> string(12) "Not Modified" [305]=> string(9) "Use Proxy" [306]=> string(12) "Switch Proxy" [307]=> string(18) "Temporary Redirect" [308]=> string(18) "Permanent Redirect" [400]=> string(11) "Bad Request" [401]=> string(12) "Unauthorized" [402]=> string(16) "Payment Required" [403]=> string(9) "Forbidden" [404]=> string(9) "Not Found" [405]=> string(18) "Method Not Allowed" [406]=> string(14) "Not Acceptable" [407]=> string(29) "Proxy Authentication Required" [408]=> string(15) "Request Timeout" [409]=> string(8) "Conflict" [410]=> string(4) "Gone" [411]=> string(15) "Length Required" [412]=> string(19) "Precondition Failed" [413]=> string(17) "Content Too Large" [414]=> string(12) "URI Too Long" [415]=> string(22) "Unsupported Media Type" [416]=> string(21) "Range Not Satisfiable" [417]=> string(18) "Expectation Failed" [418]=> string(12) "I'm a teapot" [421]=> string(19) "Misdirected Request" [422]=> string(21) "Unprocessable Content" [423]=> string(6) "Locked" [424]=> string(17) "Failed Dependency" [425]=> string(9) "Too Early" [426]=> string(16) "Upgrade Required" [428]=> string(21) "Precondition Required" [429]=> string(17) "Too Many Requests" [431]=> string(31) "Request Header Fields Too Large" [444]=> string(34) "Connection Closed Without Response" [451]=> string(29) "Unavailable For Legal Reasons" [499]=> string(21) "Client Closed Request" [500]=> string(21) "Internal Server Error" [501]=> string(15) "Not Implemented" [502]=> string(11) "Bad Gateway" [503]=> string(19) "Service Unavailable" [504]=> string(15) "Gateway Timeout" [505]=> string(26) "HTTP Version Not Supported" [506]=> string(23) "Variant Also Negotiates" [507]=> string(20) "Insufficient Storage" [508]=> string(13) "Loop Detected" [510]=> string(24) "Not Extended (OBSOLETED)" [511]=> string(31) "Network Authentication Required" [599]=> string(29) "Network Connect Timeout Error" } ["reasonPhrase":"Laminas\Diactoros\Response":private]=> string(9) "Forbidden" ["statusCode":"Laminas\Diactoros\Response":private]=> int(403) ["headers":protected]=> array(22) { ["date"]=> array(1) { [0]=> string(29) "Wed, 12 Mar 2025 23:07:14 GMT" } ["content-type"]=> array(1) { [0]=> string(24) "text/html; charset=UTF-8" } ["accept-ch"]=> array(1) { [0]=> string(277) "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA" } ["cf-mitigated"]=> array(1) { [0]=> string(9) "challenge" } ["critical-ch"]=> array(1) { [0]=> string(277) "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA" } ["cross-origin-embedder-policy"]=> array(1) { [0]=> string(12) "require-corp" } ["cross-origin-opener-policy"]=> array(1) { [0]=> string(11) "same-origin" } ["cross-origin-resource-policy"]=> array(1) { [0]=> string(11) "same-origin" } ["origin-agent-cluster"]=> array(1) { [0]=> string(2) "?1" } ["permissions-policy"]=> array(1) { [0]=> string(267) "accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()" } ["referrer-policy"]=> array(1) { [0]=> string(11) "same-origin" } ["server-timing"]=> array(2) { [0]=> string(30) "chlray;desc="91f6f25578e2d9bf"" [1]=> string(196) "cfL4;desc="?proto=TCP&rtt=10177&min_rtt=9835&rtt_var=2590&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3373&recv_bytes=858&delivery_rate=380479&cwnd=252&unsent_bytes=0&cid=7acd262a84c26616&ts=21&x=0"" } ["x-content-options"]=> array(1) { [0]=> string(7) "nosniff" } ["x-frame-options"]=> array(1) { [0]=> string(10) "SAMEORIGIN" } ["cf-chl-out"]=> array(1) { [0]=> string(133) "gN6oAvoWiTReyoFaJO65LgoZkSeV3B8X3FPtcMeEpLMAoPAnSjb83FE0/x3A1dgmZHAm747qSm3reHe7QhTZT/KzLWUD+wdzCIIpkwpxfoE=$l3TCB3z+3J6PhXj17Xjilw==" } ["cache-control"]=> array(1) { [0]=> string(82) "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0" } ["expires"]=> array(1) { [0]=> string(29) "Thu, 01 Jan 1970 00:00:01 GMT" } ["report-to"]=> array(1) { [0]=> string(247) "{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdwl7DqTFnUSdVDb8aYLsxk3Q5EReN7RcL%2FHCHUcE5KXuRs52Qw2%2By4XctzYmzciD2iRpAmC0Y%2Beto4wjhptHAvvobjfDeMIuwtlchIcMzQ5RoInp%2BhpGFadzW%2FpCw%3D%3D"}],"group":"cf-nel","max_age":604800}" } ["nel"]=> array(1) { [0]=> string(60) "{"success_fraction":0,"report_to":"cf-nel","max_age":604800}" } ["server"]=> array(1) { [0]=> string(10) "cloudflare" } ["cf-ray"]=> array(1) { [0]=> string(20) "91f6f25578e2d9bf-AKL" } ["alt-svc"]=> array(1) { [0]=> string(19) "h3=":443"; ma=86400" } } ["headerNames":protected]=> array(22) { ["date"]=> string(4) "date" ["content-type"]=> string(12) "content-type" ["accept-ch"]=> string(9) "accept-ch" ["cf-mitigated"]=> string(12) "cf-mitigated" ["critical-ch"]=> string(11) "critical-ch" ["cross-origin-embedder-policy"]=> string(28) "cross-origin-embedder-policy" ["cross-origin-opener-policy"]=> string(26) "cross-origin-opener-policy" ["cross-origin-resource-policy"]=> string(28) "cross-origin-resource-policy" ["origin-agent-cluster"]=> string(20) "origin-agent-cluster" ["permissions-policy"]=> string(18) "permissions-policy" ["referrer-policy"]=> string(15) "referrer-policy" ["server-timing"]=> string(13) "server-timing" ["x-content-options"]=> string(17) "x-content-options" ["x-frame-options"]=> string(15) "x-frame-options" ["cf-chl-out"]=> string(10) "cf-chl-out" ["cache-control"]=> string(13) "cache-control" ["expires"]=> string(7) "expires" ["report-to"]=> string(9) "report-to" ["nel"]=> string(3) "nel" ["server"]=> string(6) "server" ["cf-ray"]=> string(6) "cf-ray" ["alt-svc"]=> string(7) "alt-svc" } ["protocol":"Laminas\Diactoros\Response":private]=> string(3) "1.1" ["stream":"Laminas\Diactoros\Response":private]=> object(Laminas\Diactoros\Stream)#1580 (2) { ["resource":protected]=> resource(610) of type (stream) ["stream":protected]=> string(12) "php://memory" } }

I have obtained some information for debugging. This is the content of $response after $response = $http->get($url, [], 20); at line 251 of /libraries/src/Updater/UpdateAdapter.php I can see a 403 "Forbidden" response is being returned by Cloudflare. I would imagine that Cloudflare is choosing to forbid the PHP Http Client because it is regarding it as a bot: `object(Joomla\CMS\Http\Response)#1586 (7) { ["phrases":"Laminas\Diactoros\Response":private]=> array(66) { [100]=> string(8) "Continue" [101]=> string(19) "Switching Protocols" [102]=> string(10) "Processing" [103]=> string(11) "Early Hints" [200]=> string(2) "OK" [201]=> string(7) "Created" [202]=> string(8) "Accepted" [203]=> string(29) "Non-Authoritative Information" [204]=> string(10) "No Content" [205]=> string(13) "Reset Content" [206]=> string(15) "Partial Content" [207]=> string(12) "Multi-Status" [208]=> string(16) "Already Reported" [226]=> string(7) "IM Used" [300]=> string(16) "Multiple Choices" [301]=> string(17) "Moved Permanently" [302]=> string(5) "Found" [303]=> string(9) "See Other" [304]=> string(12) "Not Modified" [305]=> string(9) "Use Proxy" [306]=> string(12) "Switch Proxy" [307]=> string(18) "Temporary Redirect" [308]=> string(18) "Permanent Redirect" [400]=> string(11) "Bad Request" [401]=> string(12) "Unauthorized" [402]=> string(16) "Payment Required" [403]=> string(9) "Forbidden" [404]=> string(9) "Not Found" [405]=> string(18) "Method Not Allowed" [406]=> string(14) "Not Acceptable" [407]=> string(29) "Proxy Authentication Required" [408]=> string(15) "Request Timeout" [409]=> string(8) "Conflict" [410]=> string(4) "Gone" [411]=> string(15) "Length Required" [412]=> string(19) "Precondition Failed" [413]=> string(17) "Content Too Large" [414]=> string(12) "URI Too Long" [415]=> string(22) "Unsupported Media Type" [416]=> string(21) "Range Not Satisfiable" [417]=> string(18) "Expectation Failed" [418]=> string(12) "I'm a teapot" [421]=> string(19) "Misdirected Request" [422]=> string(21) "Unprocessable Content" [423]=> string(6) "Locked" [424]=> string(17) "Failed Dependency" [425]=> string(9) "Too Early" [426]=> string(16) "Upgrade Required" [428]=> string(21) "Precondition Required" [429]=> string(17) "Too Many Requests" [431]=> string(31) "Request Header Fields Too Large" [444]=> string(34) "Connection Closed Without Response" [451]=> string(29) "Unavailable For Legal Reasons" [499]=> string(21) "Client Closed Request" [500]=> string(21) "Internal Server Error" [501]=> string(15) "Not Implemented" [502]=> string(11) "Bad Gateway" [503]=> string(19) "Service Unavailable" [504]=> string(15) "Gateway Timeout" [505]=> string(26) "HTTP Version Not Supported" [506]=> string(23) "Variant Also Negotiates" [507]=> string(20) "Insufficient Storage" [508]=> string(13) "Loop Detected" [510]=> string(24) "Not Extended (OBSOLETED)" [511]=> string(31) "Network Authentication Required" [599]=> string(29) "Network Connect Timeout Error" } ["reasonPhrase":"Laminas\Diactoros\Response":private]=> string(9) "Forbidden" ["statusCode":"Laminas\Diactoros\Response":private]=> int(403) ["headers":protected]=> array(22) { ["date"]=> array(1) { [0]=> string(29) "Wed, 12 Mar 2025 23:07:14 GMT" } ["content-type"]=> array(1) { [0]=> string(24) "text/html; charset=UTF-8" } ["accept-ch"]=> array(1) { [0]=> string(277) "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA" } ["cf-mitigated"]=> array(1) { [0]=> string(9) "challenge" } ["critical-ch"]=> array(1) { [0]=> string(277) "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA" } ["cross-origin-embedder-policy"]=> array(1) { [0]=> string(12) "require-corp" } ["cross-origin-opener-policy"]=> array(1) { [0]=> string(11) "same-origin" } ["cross-origin-resource-policy"]=> array(1) { [0]=> string(11) "same-origin" } ["origin-agent-cluster"]=> array(1) { [0]=> string(2) "?1" } ["permissions-policy"]=> array(1) { [0]=> string(267) "accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()" } ["referrer-policy"]=> array(1) { [0]=> string(11) "same-origin" } ["server-timing"]=> array(2) { [0]=> string(30) "chlray;desc="91f6f25578e2d9bf"" [1]=> string(196) "cfL4;desc="?proto=TCP&rtt=10177&min_rtt=9835&rtt_var=2590&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3373&recv_bytes=858&delivery_rate=380479&cwnd=252&unsent_bytes=0&cid=7acd262a84c26616&ts=21&x=0"" } ["x-content-options"]=> array(1) { [0]=> string(7) "nosniff" } ["x-frame-options"]=> array(1) { [0]=> string(10) "SAMEORIGIN" } ["cf-chl-out"]=> array(1) { [0]=> string(133) "gN6oAvoWiTReyoFaJO65LgoZkSeV3B8X3FPtcMeEpLMAoPAnSjb83FE0/x3A1dgmZHAm747qSm3reHe7QhTZT/KzLWUD+wdzCIIpkwpxfoE=$l3TCB3z+3J6PhXj17Xjilw==" } ["cache-control"]=> array(1) { [0]=> string(82) "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0" } ["expires"]=> array(1) { [0]=> string(29) "Thu, 01 Jan 1970 00:00:01 GMT" } ["report-to"]=> array(1) { [0]=> string(247) "{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdwl7DqTFnUSdVDb8aYLsxk3Q5EReN7RcL%2FHCHUcE5KXuRs52Qw2%2By4XctzYmzciD2iRpAmC0Y%2Beto4wjhptHAvvobjfDeMIuwtlchIcMzQ5RoInp%2BhpGFadzW%2FpCw%3D%3D"}],"group":"cf-nel","max_age":604800}" } ["nel"]=> array(1) { [0]=> string(60) "{"success_fraction":0,"report_to":"cf-nel","max_age":604800}" } ["server"]=> array(1) { [0]=> string(10) "cloudflare" } ["cf-ray"]=> array(1) { [0]=> string(20) "91f6f25578e2d9bf-AKL" } ["alt-svc"]=> array(1) { [0]=> string(19) "h3=":443"; ma=86400" } } ["headerNames":protected]=> array(22) { ["date"]=> string(4) "date" ["content-type"]=> string(12) "content-type" ["accept-ch"]=> string(9) "accept-ch" ["cf-mitigated"]=> string(12) "cf-mitigated" ["critical-ch"]=> string(11) "critical-ch" ["cross-origin-embedder-policy"]=> string(28) "cross-origin-embedder-policy" ["cross-origin-opener-policy"]=> string(26) "cross-origin-opener-policy" ["cross-origin-resource-policy"]=> string(28) "cross-origin-resource-policy" ["origin-agent-cluster"]=> string(20) "origin-agent-cluster" ["permissions-policy"]=> string(18) "permissions-policy" ["referrer-policy"]=> string(15) "referrer-policy" ["server-timing"]=> string(13) "server-timing" ["x-content-options"]=> string(17) "x-content-options" ["x-frame-options"]=> string(15) "x-frame-options" ["cf-chl-out"]=> string(10) "cf-chl-out" ["cache-control"]=> string(13) "cache-control" ["expires"]=> string(7) "expires" ["report-to"]=> string(9) "report-to" ["nel"]=> string(3) "nel" ["server"]=> string(6) "server" ["cf-ray"]=> string(6) "cf-ray" ["alt-svc"]=> string(7) "alt-svc" } ["protocol":"Laminas\Diactoros\Response":private]=> string(3) "1.1" ["stream":"Laminas\Diactoros\Response":private]=> object(Laminas\Diactoros\Stream)#1580 (2) { ["resource":protected]=> resource(610) of type (stream) ["stream":protected]=> string(12) "php://memory" } } `
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Beta
Issues related to the a beta release
Bug
Documentation
enhancement
help wanted
invalid
joomla
Joomla related changes
question
URGENT
wontfix
No Label
Bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
aamigo Lemuel Llewellyn Malachi Roline vistamedia Martin Martin Kopp aB0t Robot ro-ot root TLWebdesign Tom van der Laan
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: joomla/Component-Builder#1210
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?