Error from async-upload.php – redirect 302 – with SSL enabled

Not sure what may be going on here. Do you have any urls hardcoded at all with your side of implementation?

Not seeing any specific references to async-upload.php in the CMB2 plugin itself, but it may be getting called via other functions that we do use.

Hi Michael.
I don’t hardcode any url, nor anything out of common. I’ll try to explain the best I can:
– Site uses theme that used CMB2 for some custom fields.
– Site works perfectly, having a private users section in which they can upload logo images and a pdf as dossier.
– Install and activate SSL in the hosting provider.
– Use Really Simple SSL to avoid mixed content.
– Access via https works smoothly BUT uploading files from the front end (no problem in admin)
– Access via http still works, no problem found.
– Tried to disable admin-ajax.php validation in htaccess with no effect.
– I created a simple form with a file field and works right in https.

The problem: when accessing via https, when a file is uploaded (doesn’t matter size, format, extention…) in firebug I can see that admin-ajax.php returns a 302 error, and echoes the html corresponding to the login page, as if it wasn’t capable of recognizing user session.
One of the strangest error I’ve found in my developer life, and maybe the only one I haven’t been able to solve so far. ??

Right now, I’ve been forced to disable SSL in order for the page to work, but I’d like to finally use it under SSL as there is sensible data from registered users. Please feel free to ask me whatever you may think. Thanks a lot, Michael

hit view source on the page and check for an admin-ajax reference in javascript blocks. Curious if somehow the url being used for it is http over https and the server isn’t configured in a way to have it work as well, thus the 302 error.

Hi again, Michael:
Thanks for your response.
I’ve checked source code and all javascript files are correctly directed to https.
There are several references to admin-ajax.php like:
var ajaxurl = 'https://server.com/test/wp-admin/admin-ajax.php';
WordPress has a file called script-loader.php that generates another javascript line like:
var _wpUtilSettings = {"ajax":{"url":"\/test\/wp-admin\/admin-ajax.php"}};
I don’t know if that has something to do as it’s just a relative path call. I assume it’s right, as it’s a WP core file call. ??

It still fails. It seems that the upload is correct but when the file uploading finishes, the header location response from async-upload.php is:
`https://server.com/test/wp-login.php?redirect_to=https%3A%2F%server.com%2Ftest
%2Fwp-admin%2Fasync-upload.php&reauth=1′
This file fields are included in a form that didn’t have the “http” nor “https” in its action parameter, so I changed the code to have the correct protocol with no luck (was a blind shot, though).
Oh my, I’m lost with this.

I’m starting to think that the error comes from user privileges.
The theme I use insert new customer users as “subscribers”, and therefore, this kind of users don’t have the privilege to upload files, hence the silent validation error.
If I change a logged user its role to administrator, he CAN upload files and this problem doesn’t happen.
If tried using a pair of role plugins to increase subscriber role with no luck, also modifying its role via functions.php, with same results.
But I’m tracking down this issue and think I’m about to kill it.
Maybe you may have any idea why is this happening?

Your stumbling on capabilities is as best of a guess as I have, to be honest, especially since the URLs all seem to have the proper protocol for the js based ones. I think the issue is boiling down to something at the return response level from the server, which is after the task that CMB2 does.

I think you’re right. I published the site yesterday and suddenly subscribers couldn’t upload any type of file! I freaked out and reviewed all code and that, and after a day of very few sleep I’ve been able to see that the responsible was a snippet of code that I wrote into the functions.php that disabled access to dashboard to subcribers, as my client didn’t wanted them to view this ugly WordPress panel.
As I removed the code, and used Remove Dashboard Access plugin and it’s working again.
It keeps happening the SSL issue, but it has to be related somehow.
Thanks for your time, Michael.

Wish I had a better answer for you here, but 301 response errors are very much with the server at the time of execution. Not so much a php error we can easily pinpoint and trace through.

Ok, I understand. But it’s just a 302 error, a validation error that was reproduced when I implemented a PHP code that blocked non admins to access to admin panel, so it has to do something with it.
Anyway, you may close this thread as the solution may be anywhere else. ??
Thanks for your time!

I hope this thread is still relevant, because I have the same problem and I can not find a solution … I’ve tried almost everything, but my visitors can not upload their pictures (302 Found – redirect with SSL) and are logged out of my site …

I haven’t seen anything new come in with it since my last reply

I couldn’t make it work, so I couldn’t use SSL with this plugin. I tried different ways but always the same error. ??

Hi Michael,

I’ll start from the beginning. I have a template “Realocation 2.2.0” and it is built into your plugin CMB2. The template must run at “https://” so I use a plugin Really Simple SSL. It’s not upload pictures of users registered on the frontend and makes it a mistake when in action Request URL: https: //mysite.com/wp-admin/async-upload.php is throwing error

302 Found – https://mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fmysite.com%2Fwp-admin%2Fasync-upload.php&reauth=1

I’ve tried everything and the author plugin Really Simple SSL and came to the conclusion that the fault lies elsewhere. Can you help me, please ???

Admittedly I don’t have a dev site set up with an SSL certificate available, so I’m not sure how good I’m going to be for some sort of hands on testing.

From the looks of the 302 Temporary Redirect error, the server isn’t seeing the posted submission being from an authenticated and logged in request, thus it’s redirecting to the login page.

Can you share your metabox configuration, and code being used to display on the frontend. perhaps something obvious will be seen.

Request URL:https://mysite.com/wp-admin/async-upload.php
Request Method:POST
Status Code:302 Found
Remote Address:81.91.86.13:443
Response Headers
view source
Cache-Control:no-cache, must-revalidate, max-age=0
Connection:keep-alive
Content-Length:0
Content-Type:text/html
Date:Mon, 22 Aug 2016 19:21:33 GMT
Expires:Wed, 11 Jan 1984 05:00:00 GMT
Location:https://mysite.com/wp-login.php?redirect_to=https%3A%2F%2Fmysite.com%2Fwp-admin%2Fasync-upload.php&reauth=1
Pragma:no-cache
Server:nginx/1.9.10
X-Powered-By:PHP/5.6.3
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:cs-CZ,cs;q=0.8,en;q=0.6
Cache-Control:no-cache
Connection:keep-alive
Content-Length:212346
Content-Type:multipart/form-data; boundary=—-WebKitFormBoundary76RdoD9IQOeG3Tc3
Cookie:PHPSESSID=fad2df527cd751b24029af6f8c8a4be2; wp-settings-2=libraryContent%3Dbrowse; wp-settings-time-2=1471893532; wordpress_test_cookie=WP+Cookie+check
DNT:1
Host:mysite.com
Origin:https://mysite.com
Pragma:no-cache
Referer:https://mysite.com/create-property/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Request Payload
——WebKitFormBoundary76RdoD9IQOeG3Tc3
Content-Disposition: form-data; name=”name”

14060240_10207762163958801_226694889_o.jpg
——WebKitFormBoundary76RdoD9IQOeG3Tc3
Content-Disposition: form-data; name=”action”

upload-attachment
——WebKitFormBoundary76RdoD9IQOeG3Tc3
Content-Disposition: form-data; name=”_wpnonce”

63d0af0f8b
——WebKitFormBoundary76RdoD9IQOeG3Tc3
Content-Disposition: form-data; name=”async-upload”; filename=”14060240_10207762163958801_226694889_o.jpg”
Content-Type: image/jpeg

——WebKitFormBoundary76RdoD9IQOeG3Tc3–
Name
async-upload.php
wp-login.php?redirect_to=https%3A%2F%2Fmysite.com%2Fwp-admin%2Fasync-upload.php&reauth=1
2 requests???3.8?KB transferred

Console