ckeditor5 upload image MethodNotAllowedException

Created on 30 March 2023, over 1 year ago
Updated 26 December 2023, 12 months ago

I am using the standard ckeditor5 upload image, and am getting a JS error showing
"Couln't upload file:..."

In the log it has this error

Location https://[some_url]/ckeditor5/upload-image/full_html?token=uzycV1vH5T-XLxdP0rmrtcuwXqQ4xTsFeqTwVElSerY
Referrer https://[some_url]/node/603/edit
Message Symfony\Component\Routing\Exception\MethodNotAllowedException: in Drupal\Core\Routing\MethodFilter->filter() (line 46 of C:\xampp_7.2.15\htdocs\Drupal\UMan\uma\www\core\lib\Drupal\Core\Routing\MethodFilter.php).

with no further stacktrace.

Steps to reproduce:
Drupal 9.5.5
Ckeditor5 installed and turned on for FULL HTML format.
Configure "Image" options; click "Enable image uploads"; set proper upload Path configured.
Then upload an image, and you get the error message and log.

The screenshot shows the debug output (from the ddl lines in the code below).

As shown in the debug output, the method is GET, but ckeditor5's routine uses a POST. There is a check in the code below for GET, maybe it comes from that ?

/**
 * Filters routes based on the HTTP method.
 */
class MethodFilter implements FilterInterface {

  /**
   * {@inheritdoc}
   */
  public function filter(RouteCollection $collection, Request $request) {
    $method = $request->getMethod();

    $all_supported_methods = [];
    
    // ddl ( $method, 'method' );
    // ddl ( $collection, 'collection');

    foreach ($collection->all() as $name => $route) {
      $supported_methods = $route->getMethods();

      // A route not restricted to specific methods allows any method. If this
      // is the case, we'll also have at least one route left in the collection,
      // hence we don't need to calculate the set of all supported methods.
      if (empty($supported_methods)) {
        continue;
      }

      // If the GET method is allowed we also need to allow the HEAD method
      // since HEAD is a GET method that doesn't return the body.
      if (in_array('GET', $supported_methods, TRUE)) {
        $supported_methods[] = 'HEAD';
      }

      if (!in_array($method, $supported_methods, TRUE)) {
        $all_supported_methods = array_merge($supported_methods, $all_supported_methods);
        $collection->remove($name);
      }
    }
    if (count($collection)) {
      return $collection;
    }
    throw new MethodNotAllowedException(array_unique($all_supported_methods));
  }

}

There are several related issues that I found, but not yet any good resolution.

I am surprised that no one else had this issue with ckeditor5? Anyone know how to resolve this?

The issue most closely seems to be this one:
https://www.drupal.org/project/drupal/issues/2557469

[See also the other related issues that are listed]

💬 Support request
Status

Closed: duplicate

Version

11.0 🔥

Component
CKEditor 5 

Last updated 2 days ago

Created by

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Issue created by @hoporr
  • To test this, I edited ckeditor5.routing.yml

    In this section here
    methods: [POST]

    I added a GET statement as well:
    methods: [POST, GET]

    After that, the image uploaded OK, without warning or errors.

    That was only a quick test, but it shows that short of the real fix, I can bypass the problem by writing some some hook or route-listener that alters the route.

    Now, I could write a patch, but this feels like a band-aid: Should POST by itself not be OK?

    If so, then the fix should be in the MethodFilter itsef.

    For reference, here is the complete code that I tested with:

    ckeditor5.upload_image:
      path: '/ckeditor5/upload-image/{editor}'
      defaults:
        _controller: '\Drupal\ckeditor5\Controller\CKEditor5ImageController::upload'
      methods: [POST, GET]
      requirements:
        _entity_access: 'editor.use'
        _custom_access: '\Drupal\ckeditor5\Controller\CKEditor5ImageController::imageUploadEnabledAccess'
        _csrf_token: 'TRUE'
      options:
        parameters:
          editor:
            type: entity:editor
    
  • For anybody who has that problem, until there is an official resolution, here is the quick fix that I ended up doing.

    As stated, we could do a patch for ckeditor5 to include the GET, but this feels wrong. Instead, and for now only, I added this event listener, as shown below.

    1) create event listener in [your_module]/src/Routing/EventListener.php as shown below
    2) Add this class to the [your_module].services.yml

    
    <?php 
    
    namespace Drupal\[yourmodule]\Routing;
    
    use Drupal\Core\Routing\RouteSubscriberBase;
    use Symfony\Component\Routing\RouteCollection;
    
    /**
     * ..... 
     */
    class RouteSubscriber extends RouteSubscriberBase {
    
      /**
       * {@inheritdoc}
       */
      protected function alterRoutes(RouteCollection $collection) {
        if ($route = $collection->get('ckeditor5.upload_image')) {
          $route->setMethods(['POST', 'GET']);
        }
      }
    }
    
    
  • Status changed to Postponed: needs info over 1 year ago
  • 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
    1. Can you describe the hosting environment (web server, reverse proxy, etc)?
    2. Can you reproduce this with a vanilla Drupal 9.5 site, without your contrib/custom modules?

    If this were reproducible in Drupal core, I think we'd have gotten dozens or hundreds of reports about this. Plus, our tests would fail! 😅

    So we definitely need more detail to be able to reproduce this 🙏

  • This happens on one of my client's sites, and it happens both on
    1) the server: Linux virtual server, Ubuntu 20.04.6, PHP 8.1, apache, mariaDB, no proxy, Plesk
    2) my local machine: Windows 10, xampp, PHP 8.1, apache, MariaDB

    I then tried this on a second site by this client, which is similar but has some different modules: SAME result/error.

    I only have one more ckeditor5 module enabled (CKEditor Font Size and Family), but turning that on/off made no difference.

    Both sites did have ckeditor4 before this (as well as the c4 version for fonts), which I uninstalled completely before, and removed with composer. After that, I had configured the "Full HTML" text format.

    I believe you that you would not see this on an empty Drupal install, and concur that you would see a lot more error reports on this.

    My theory is, 1) some sort of other contrib module may cause this, or 2) it is a remnant of having had ckeditor4 on the system (unlikely).

    It seems strange, though, that the MessageFilter could not handle POST by itself. I don't easily see how another module could cause that.
    Intuitively it feels like something lower in the system.

    I will keep an eye out whenevever I switch to ckeditor5 on another client site, and update here.

  • I have the same issue:

    Couldn't upload file: oo.jpg.

    Symfony\Component\Routing\Exception\MethodNotAllowedException: in Drupal\Core\Routing\MethodFilter->filter() (line 46 of /var/www/html/web/core/lib/Drupal/Core/Routing/MethodFilter.php).

    The werid thing is that it is working after I go to my user profile and change "Administration pages language" to "No preference".

  • 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺

    I've not been able to reproduce 😔

    But the fact that MethodFilter is triggering this error suggests that there's some really weird proxy/antivirus software thing going on …

  • Hello,

    I encountered this same issue on my site. I can confirm that setting "Administration pages language" to "No preference" seems to fix this.

    Here is a repo that can reproduce this issue: https://github.com/hyrsky/drupal-3351241.

    I don't think this has anything to do with ckeditor5 and the bug is somewhere else. I believe this is a is a duplicate of #2706241 🐛 AccessAwareRouter does not respect HTTP method Fixed .

  • I'm looking at this with a debugger and LanguageNegotiationUserAdmin::isAdminPath calls AccessAwareRouter::match with path "/ckeditor5/upload-image/basic_html". This creates a new Request object that no longer has the original request method. Eventually the MethodFilter throws MethodNotAllowedException, since the route for image upload does not accept GET methods.

  • 🇺🇸United States pramodganore

    I was able to replicate when i ran drush updb -y

  • 🇩🇪Germany gmarcel

    I have the same issue.

    Drupal 10.1.1
    CKEditor 5
    PHP 8.2.7

  • 🇩🇪Germany gmarcel

    Hits patch seems to resolve this issue:

    https://www.drupal.org/project/drupal/issues/2706241#comment-14971684 🐛 AccessAwareRouter does not respect HTTP method Fixed

  • Status changed to Closed: duplicate over 1 year ago
  • 🇳🇱Netherlands spokje

    I could reproduce this issue with a clean install of HEAD of 11.x, with more then one language, language negotiation method "Account administration pages" and a user with "Administration pages language" set to anything _but_ "No preference".

    @oikeuttaelaimille in #12 💬 ckeditor5 upload image MethodNotAllowedException Closed: duplicate seems to hit the nail on the head:

    I don't think this has anything to do with ckeditor5 and the bug is somewhere else. I believe this is a is a duplicate of 🐛 AccessAwareRouter does not respect HTTP method Fixed .

    That issue is pretty far along, including (what seem to be) working patches.
    Closing this one as a duplicate.

    Excellent detective work by @JanJanJan and @oikeuttaelaimille.

  • 🇧🇷Brazil larruda

    https://www.drupal.org/project/drupal/issues/3410827 🐛 Can't upload files Active

Production build 0.71.5 2024