[Bug]: Public link shares don't work anymore #53886
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
An external share (by link) is generated (and listed in the database) but when opening this link, the share can't be found:
Logs:
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 1,
"time": "2025-07-09T14:59:29+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "userimap",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "UserIMAP backend registered successfully via modern Bootstrap",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0",
"version": "31.0.6.2",
"data": {"app": "userimap"}
}
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 0,
"time": "2025-07-09T14:59:29+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "bruteForce",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "The loading of lazy AppConfig values have been triggered by app \"bruteForce\"",
"exception": {
"Exception": "RuntimeException",
"Message": "The loading of lazy AppConfig values have been triggered by app \"bruteForce\"",
"Trace": [
{"file": ".../AppConfig.php", "line": 1193, "...": "..."},
{"file": ".../AppConfig.php", "line": 106, "...": "..."},
{"file": ".../BruteforceAllowList.php", "line": 39, "...": "..."},
{"file": ".../Throttler.php", "line": 86, "...": "..."},
{"file": ".../Throttler.php", "line": 112, "...": "..."},
{"file": ".../Throttler.php", "line": 129, "...": "..."},
{"file": ".../Throttler.php", "line": 202, "...": "..."},
{"file": ".../PublicShareMiddleware.php", "line": 39, "...": "..."},
{"file": ".../MiddlewareDispatcher.php", "line": 73, "...": "..."},
{"file": ".../Dispatcher.php", "line": 106, "...": "..."},
{"file": ".../App.php", "line": 161, "...": "..."},
{"file": ".../Router.php", "line": 307, "...": "..."},
{"file": ".../base.php", "line": 1040, "...": "..."},
{"file": ".../index.php", "line": 24, "...": "..."}
]
}
}
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 1,
"time": "2025-07-09T14:59:29+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "no app in context",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "IP address throttled because it reached the attempts limit in the last 30 minutes [action: ShareController::showShare, delay: 200, ip: <MY_IP>]",
"version": "31.0.6.2"
}
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 1,
"time": "2025-07-09T14:59:30+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "core",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "Bruteforce attempt from \"<MY_IP>\" detected for action \"ShareController::showShare\".",
"version": "31.0.6.2",
"data": {"app": "core"}
}
{
"reqId": "aG6D0_PEC0HHQdMoVCKsUgAAAFo",
"level": 1,
"time": "2025-07-09T14:59:31+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "userimap",
"method": "GET",
"url": "/cron.php",
"message": "UserIMAP backend registered successfully via modern Bootstrap",
"version": "31.0.6.2",
"data": {"app": "userimap"}
}
{
"reqId": "aG6D0_PEC0HHQdMoVCKsUgAAAFo",
"level": 0,
"time": "2025-07-09T14:59:31+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "cron",
"method": "GET",
"url": "/cron.php",
"message": "WebCron call has selected job with ID 1426",
"version": "31.0.6.2",
"data": {"app": "cron"}
}
Actually it's weird to get the brute-force warning (I also tested it with my phone outside the wifi => same warning):
/cloud/LIVE$ php occ security:bruteforce:attempts <MY_IP>
- bypass-listed: false
- attempts: 2
- delay: 400
The share is successfully stored in the database:
SELECT JSON_OBJECT(
'id', id,
'share_type', share_type,
'uid_owner', uid_owner,
'file_target', file_target,
'token', token
) AS share_json
FROM `O39jE_share`
WHERE token = "7WKC4dTBaESrc5s";
gives
{"id": 112, "share_type": 3, "uid_owner": "stefan", "file_target": "/TeamCash", "token": "7WKC4dTBaESrc5s"}
Steps to reproduce
- Create a new public share (no password, no expiration date)
- Open link
- Get the error
Expected behavior
The shared directory is displayed.
Nextcloud Server version
31
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.1
Web server
Apache (supported)
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"update.example.tld",
"cloud.example.tld"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "https://cloud.example.tld",
"overwriteprotocol": "https",
"dbtype": "mysql",
"version": "31.0.6.2",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "O39jE_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"installed": true,
"imap_host": "example.tld",
"imap_inHost": "imap.example-host.tld",
"imap_inPort": 143,
"imap_inSSL": "tls",
"imap_outHost": "smtp.example-host.tld",
"imap_outPort": 587,
"imap_outSSL": "tls",
"imap_ud_host": "https://ud.example.tld",
"user_imap_server": "{imap.example-host.tld:993/imap/ssl}",
"appstore.experimental.enabled": true,
"maintenance": false,
"theme": "",
"loglevel": 0,
"updater.release.channel": "stable",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "sendmail",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"tempdirectory": "/var/www/cloud/tmp",
"mail_sendmailmode": "pipe",
"app_install_overwrite": [
"mail",
"occweb",
"pdfdraw"
],
"twofactor_enforced": "true",
"twofactor_enforced_groups": [
"Gruppe A",
"Gruppe B"
],
"session_lifefime": 86400,
"session_keepalive": false,
"twofactor_enforced_excluded_groups": [],
"lost_password_link": "disabled",
"simpleSignUpLink.shown": false,
"memories.exiftool": "/var/www/cloud/apps/memories/exiftool-bin/exiftool-amd64-glibc",
"memories.vod.path": "/var/www/cloud/apps/memories/exiftool-bin/go-vod-amd64",
"memories.exiftool_no_local": true,
"enabledPreviewProviders": [
"OC\\Preview\\Image",
"OC\\Preview\\HEIC",
"OC\\Preview\\Movie"
],
"memories.index.path": "/username/files/Bilder",
"memories.db.triggers.fcu": true,
"maintenance_window_start": 1
}
}List of activated Apps
Nextcloud Signing status
/cloud/LIVE$ php occ app:list
Enabled:
- activity: 4.0.0
- admin_audit: 1.21.0
- analytics: 5.6.2
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- calendar: 5.3.4
- checksum: 1.2.6
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.1.4
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- gestion: 2.8.6
- groupfolders: 19.1.2
- guests: 4.3.0
- impersonate: 2.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- memories: 7.6.0
- notifications: 4.0.0
- oauth2: 1.19.1
- occweb: 0.2.3
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- previewgenerator: 5.8.0
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- socialsharing_email: 3.3.0
- support: 3.0.0
- systemtags: 1.21.1
- tasks: 0.16.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_admin: 4.8.0
- twofactor_backupcodes: 1.20.0
- twofactor_totp: 13.0.0-dev.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- userimap: 1.0.1
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0
Disabled:
- activitydefaults: 0.1.0 (installed 0.1.0)
- admin_notifications: 1.0.2 (installed 1.0.2)
- apporder: 0.15.0 (installed 0.15.0)
- cookbook: 0.10.5 (installed 0.10.5)
- disablerememberlogin: 0.3 (installed 0.3)
- encryption: 2.19.0
- extract: 1.3.6 (installed 1.3.6)
- files_clipboard: 0.7.1 (installed 0.7.1)
- files_external: 1.23.0 (installed 1.8.0)
- files_rightclick: 0.15.1 (installed 1.6.0)
- firstrunwizard: 4.0.0 (installed 2.4.0)
- issuetemplate: 0.7.0 (installed 0.7.0)
- nextbackup: 21.1.0 (installed 21.1.0)
- nextcloud_announcements: 3.0.0 (installed 1.4.0)
- pdfdraw: 0.1.2
- rainloop: 7.2.6 (installed 7.2.6)
- ransomware_protection: 1.14.0 (installed 1.14.0)
- sharerenamer: 3.5.0 (installed 3.2.0)
- shorten: 0.0.15 (installed 0.0.15)
- survey_client: 3.0.0 (installed 1.1.0)
- suspicious_login: 9.0.1 (installed 4.1.0)
- theme_switcher-2.1: 2.1
- twofactor_nextcloud_notification: 5.0.0
- user_ldap: 1.22.0Nextcloud Logs
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 1,
"time": "2025-07-09T14:59:29+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "userimap",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "UserIMAP backend registered successfully via modern Bootstrap",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0",
"version": "31.0.6.2",
"data": {"app": "userimap"}
}
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 0,
"time": "2025-07-09T14:59:29+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "bruteForce",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "The loading of lazy AppConfig values have been triggered by app \"bruteForce\"",
"exception": {
"Exception": "RuntimeException",
"Message": "The loading of lazy AppConfig values have been triggered by app \"bruteForce\"",
"Trace": [
{"file": ".../AppConfig.php", "line": 1193, "...": "..."},
{"file": ".../AppConfig.php", "line": 106, "...": "..."},
{"file": ".../BruteforceAllowList.php", "line": 39, "...": "..."},
{"file": ".../Throttler.php", "line": 86, "...": "..."},
{"file": ".../Throttler.php", "line": 112, "...": "..."},
{"file": ".../Throttler.php", "line": 129, "...": "..."},
{"file": ".../Throttler.php", "line": 202, "...": "..."},
{"file": ".../PublicShareMiddleware.php", "line": 39, "...": "..."},
{"file": ".../MiddlewareDispatcher.php", "line": 73, "...": "..."},
{"file": ".../Dispatcher.php", "line": 106, "...": "..."},
{"file": ".../App.php", "line": 161, "...": "..."},
{"file": ".../Router.php", "line": 307, "...": "..."},
{"file": ".../base.php", "line": 1040, "...": "..."},
{"file": ".../index.php", "line": 24, "...": "..."}
]
}
}
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 1,
"time": "2025-07-09T14:59:29+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "no app in context",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "IP address throttled because it reached the attempts limit in the last 30 minutes [action: ShareController::showShare, delay: 200, ip: <MY_IP>]",
"version": "31.0.6.2"
}
{
"reqId": "aG6D0fPEC0HHQdMoVCKsRwAAAEo",
"level": 1,
"time": "2025-07-09T14:59:30+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "core",
"method": "GET",
"url": "/index.php/s/7WKC4dTBaESrc5s",
"message": "Bruteforce attempt from \"<MY_IP>\" detected for action \"ShareController::showShare\".",
"version": "31.0.6.2",
"data": {"app": "core"}
}
{
"reqId": "aG6D0_PEC0HHQdMoVCKsUgAAAFo",
"level": 1,
"time": "2025-07-09T14:59:31+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "userimap",
"method": "GET",
"url": "/cron.php",
"message": "UserIMAP backend registered successfully via modern Bootstrap",
"version": "31.0.6.2",
"data": {"app": "userimap"}
}
{
"reqId": "aG6D0_PEC0HHQdMoVCKsUgAAAFo",
"level": 0,
"time": "2025-07-09T14:59:31+00:00",
"remoteAddr": "<MY_IP>",
"user": "--",
"app": "cron",
"method": "GET",
"url": "/cron.php",
"message": "WebCron call has selected job with ID 1426",
"version": "31.0.6.2",
"data": {"app": "cron"}
}Additional info
No response