XF 1.5 Avatar Issue

[SneakyDave]

hmmm... This has me stumped

Changing an avatar results in the ajax request not completing, and not displaying the updated avatar, but a page refresh shows that the avatar has been updated.

Permissions on the data/avatars directory is world writable.
Doesn't matter if caching is on or not, same thing happens.
Doesn't matter if I use Image Magick, or GD Image Library.
Attachments work fine.
Doesn't matter which style I use.
Doesn't matter which Jquery location I get it from.
Network tools tells me that "avatar-upload" "failed to load response data". Not sure if that's normal, or the problem.

What to look for? I'm almost positive it's got to be something simple.

 

[Paul B]

Presumably this happens with multiple browsers?

Can you also confirm it occurs in a vanilla style with add-ons disabled?

 

[SneakyDave]

Happens in Chrome, IE, and FF. Doesn't matter if addons are disabled or not. Can be reproduced with stock XenForo style.

The version is 1.5.3. Maybe I shold renew the license, and upgrade, just to rule out an old bug?

 

[SneakyDave]

I lied, it doesn't happen in IE, just FireFox, and Chrome.

 

[Chris D]

Just registered to be nosey. There seems to be some clues in the console:

 Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when loading 'https://site/account/avatar-upload'. Falling back to 'DENY'.
Refused to display 'https://site/account/avatar-upload' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, DENY'.
Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Sandbox access violation: Blocked a frame at "https://site" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.

Based on this, and based on noticing that you may be running nginx and pagespeed, I would first of all see if pagespeed is responsible, failing that, this thread may well give a clue:

https://xenforo.com/community/threa...mages-for-resource-posting-in-opera-26.87847/

 

[SneakyDave]

Thanks Chris, I'll report back.

 

[SneakyDave]

It wasn't pagespeed, but it was related to the @rainmotorsports HTTP Strict Transport setting.

I disabled this param in nginx, and it works fine now. Thanks again.

  #add_header X-Frame-Options DENY;

 

[rainmotorsports]

It wasn't pagespeed, but it was related to the @rainmotorsports HTTP Strict Transport setting.

I disabled this param in nginx, and it works fine now. Thanks again.

  #add_header X-Frame-Options DENY;

Did I post my nginx config somewhere? Lol.