I have tested that upload fails only for SSL site. It works fine if i disable SSL. Any advise on how to fix this is much appreciated.

Hello Peter,

I am using ssl and its working - maybe your ssl config is wrong. What are you using? Nginx as reverse proxy to do that?

Anyway, how to edit Main Layout, when you are logged and on website, there is panel on top of page. There is Customize, select HTML editor, in dropdown find Main Layout and locate the script - In Odoo 10 I was able to locate not in Main Layout but in Web Layout.

There is this code:

<script type="text/javascript">

var odoo = {

csrf_token: "<t t-esc="request.csrf_token(None)"/>",

};

</script>

Try replace whole script part if your ssl config is right.

Good luck

Hi Jakub, my nginx setting is as follows:

:

server {

listen 443 ssl http2 default_server;

listen [::]:443 ssl http2 default_server;

server_name demo.server.com;

ssl on;

ssl_certificate "/opt/odoo10/ssl/certificate.crt";

ssl_certificate_key "/opt/odoo10/ssl/private.key";

# SSL config recommendation : https://cipherli.st/

ssl_protocols TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0

ssl_session_cache shared:SSL:10m;

ssl_session_tickets off; # Requires nginx >= 1.5.9

ssl_stapling on; # Requires nginx >= 1.3.7

ssl_stapling_verify on; # Requires nginx => 1.3.7

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

add_header X-Frame-Options DENY;

add_header X-Content-Type-Options nosniff;

# configures NGINX to wait no more than 10 seconds between writes

# from the client for either headers or body

client_body_timeout 10s;

client_header_timeout 10s;

proxy_read_timeout 720s;

proxy_connect_timeout 720s;

proxy_send_timeout 720s;

## If you use https make sure you disable gzip compression

## to be safe against BREACH attack.

gzip off;

# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;

location / {

limit_conn addr 10;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-Host $host;

proxy_set_header X-Forwarded-Server $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://127.0.0.1:8069;

}

location /longpolling {

proxy_pass http://127.0.0.1:8072;

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

Hi Jakub, you are right. Its the SSL config that is causing the upload issue. Thanks!

After anonymization, this is my nginx config. Feel free to use it :)

server {

listen 80;

server_name server;

return 301 https://$host$request_uri;

}

server {

listen 443;

server_name server;

ssl on;

ssl_certificate /etc/letsencrypt/live/server/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/server/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_dhparam /etc/nginx/ssl/dh_param.pem;

location / {

proxy_pass http://127.0.0.1:8069/;

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-FORWARDED_PROTO https;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

}

location ^~ /web/database { deny all; }

access_log /var/log/nginx/server-access.log;

error_log /var/log/nginx/server-error.log;

}

so Peter, did my config help?