Hi all. Sorry for hijacking this thread but I have the very same problem with our Wiki (Version 13.4 and 13.8 - no issues in a backup of our Wiki v. 12.8!).
When I have the UrlRewriteFilter enabled in web.xml as explained here (https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ShortURLs/#HUrlRewriteFilter) I can't upload attachments via the attachment tab on the bottom of the wiki page. Also I can’t create pages by importing office files like a Word document. However uploading a file as attachment with the CKEditor works perfectly fine. Deleting attachments also works. No additional issues detected.
To make things clearer let me post some steps I did to narrow down the problem.
Network tool of my browser (Firefox, F12 thing):
Working upload Wiki version 12.8 with UrlRewriteFilter ENABLED:
http://wiki/upload/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/WebHome
http://wiki/get/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/?xpage=attachmentslist&forceTestRights=1
Working upload Wiki version 13.8 with UrlRewriteFilter DISABLED:
http://wiki/bin/upload/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/WebHome
http://wiki/bin/get/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/?xpage=attachmentslist&forceTestRights=1
13.8 looks quite similar to 12.8, except for the truncated /bin path.
Deleting the attachment in Wiki version 13.8 with UrlRewriteFilter DISABLED:
http://wiki/bin/delattachment/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/WebHome/SOPImportV3.docx?form_token=0vW5AprzpcH5gztU0bjKwQ&xredirect=%2Fbin%2Fview%2FSpielwiese%2FInhaltsverzeichnis%2520auf%2520der%2520rechten%2520Seite%2F%23Attachments
http://wiki/bin/view/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/#Attachments
In this case I can see a token being submitted.
Not working upload Wiki version 13.8 with UrlRewriteFilter ENABLED:
http://wiki/upload/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/WebHome
http://wiki/view/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/?resubmit=%2Fbin%2Fupload%2FSpielwiese%2FInhaltsverzeichnis%2520auf%2520der%2520rechten%2520Seite%2FWebHome%3Fsrid%3DaAlfLXLN&xback=%2Fview%2FSpielwiese%2FInhaltsverzeichnis%2520auf%2520der%2520rechten%2520Seite%2F&xpage=resubmit
The second URL looks completely different from what I see when the UrlRewriteFilter is disabled.
In my logfiles I can read:
Oct 7 09:49:58 wiki tomcat9[1593]: 2021-10-07 09:49:58,913 [http-nio-80-exec-6 - http://wiki/upload/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/WebHome] WARN o.x.c.i.DefaultCSRFToken - CSRFToken: Secret token verification failed, token: "null", stored token: "OSzeGOh4ZCS7oqO8Z8dcTA"
and
[07/Oct/2021:10:09:56 +0000] "GET /view/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/?resubmit=%2Fbin%2Fupload%2FSpielwiese%2FInhaltsverzeichnis%2520auf%2520der%2520rechten%2520Seite%2FWebHome%3Fsrid%3DLKYTgX64&xback=%2Fview%2FSpielwiese%2FInhaltsverzeichnis%2520auf%2520der%2520rechten%2520Seite%2F&xpage=resubmit HTTP/1.1" 401 6468
So it seems there is something wrong with the CSRFToken.
When I upload and delete an attachment via CKEditor and with UrlRewriteFilter ENABLED:
http://wiki/get/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/?sheet=CKEditor.FileUploader&outputSyntax=plain&syntax=xwiki%2F2.1&language=de&form_token=OSzeGOh4ZCS7oqO8Z8dcTA&initiator=filebrowser
http://wiki/delattachment/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/WebHome/SOP_Import_V3.docx?form_token=OSzeGOh4ZCS7oqO8Z8dcTA&xredirect=%2Fview%2FSpielwiese%2FInhaltsverzeichnis%2520auf%2520der%2520rechten%2520Seite%2F%23Attachments
http://wiki/view/Spielwiese/Inhaltsverzeichnis%20auf%20der%20rechten%20Seite/#Attachments
So I understand that even with UrlRewriteFilter ENABLED the CSRFToken thing CAN work (but only with the CKEditor, not with the upload button on the attachment tab).
Oh, and when I try to create a page by importing an office file I get an error message like this after hitting submit:
This does not occur when the UrlRewriteFilter is disabled.
Please help
Thanks!
Heino
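
As an added example (not part of the original post), the following script correlates the two kinds of log entries quoted above: CSRF verification failures from the application log and resubmit redirects from the access log, paired when the redirect target is the failed request path plus a /bin prefix. The sample log lines, page name and token values are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines modelled on the excerpts in the post (page name and tokens are made up).
APP_LOG = [
    '2021-10-07 09:49:58,913 [http-nio-80-exec-6 - http://wiki/upload/Space/My%20Page/WebHome] '
    'WARN o.x.c.i.DefaultCSRFToken - CSRFToken: Secret token verification failed, '
    'token: "null", stored token: "CONSTRUCTED-TOKEN"',
]
ACCESS_LOG = [
    '[07/Oct/2021:10:09:56 +0000] "GET /view/Space/My%20Page/?resubmit=%2Fbin%2Fupload%2FSpace'
    '%2FMy%2520Page%2FWebHome%3Fsrid%3DABC123&xback=%2Fview%2FSpace%2FMy%2520Page%2F'
    '&xpage=resubmit HTTP/1.1" 401 6468',
    '[07/Oct/2021:10:12:01 +0000] "GET /delattachment/Space/My%20Page/WebHome/a.docx'
    '?form_token=CONSTRUCTED-TOKEN HTTP/1.1" 302 0',
]

CSRF_RE = re.compile(r'\[\S+ - (?P<url>\S+)\] WARN .*CSRFToken: Secret token verification '
                     r'failed, token: "(?P<sent>[^"]*)", stored token: "[^"]*"')
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def csrf_failures(lines):
    """Requests rejected by the CSRF check; the stored token is matched but never kept."""
    out = []
    for line in lines:
        m = CSRF_RE.search(line)
        if m:
            out.append({"path": urlsplit(m["url"]).path, "token_missing": m["sent"] == "null"})
    return out

def resubmit_redirects(lines):
    """Access-log hits on the resubmit page, with the original target decoded once."""
    out = []
    for line in lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["target"]).query)
        if query.get("xpage") == ["resubmit"] and "resubmit" in query:
            target = urlsplit(query["resubmit"][0])
            out.append({"status": int(m["status"]), "target_path": target.path,
                        "has_form_token": "form_token" in parse_qs(target.query)})
    return out

def correlate(failures, redirects, prefix="/bin"):
    """Pair each failure with redirects whose target is the same path plus the servlet prefix."""
    return [(f, r) for f in failures for r in redirects
            if r["target_path"] == prefix + f["path"]]
```
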