Taiga 6: Images are not shown in Wiki after Taiga 5 migration, but the new yes. Token problems

We have recently migrated/upgraded the Taiga 5 to 6 environment following the procedure Upgrade from Taiga5 to Taiga6

Everything has worked without a problem but we have detected a problem in the Wiki sections where we observed that the images/attachments are not visible but are accessible. On the other hand, if we upload new images, they are displayed correctly.

Using the browser debugging tools we observe that the resources return an HTTP 403 for both the image and the thumbnail and comparing a new one with an existing one we observe that they lack the token.

Wiki migrated resource/image Taiga 5->6:

  • xxxx/media/attachments/b/2/e/9/baa0cc251c9016f7add3925a98f9cc860b4a97b7fbc6c7151da03ec34055/550px-test_1.jpg = HTTP 403

  • xxxx/media/attachments/b/2/e/9/baa0cc251c9016f7add3925a98f9cc860b4a97b7fbc6c7151da03ec34055/test_1.jpg = HTTP 403

Wiki new resource/image Taiga6:

  • xxxx/media/attachments/b/2/e/9/baa0cc251c9016f7add3925a98f9cc860b4a97b7fbc6c7151da03ec34055/550px-test_2.jpg?token=ZoTr0A%3Ay5IxvCaDH_PepOMXJFuMW1Zl- M1dfzZqo-JwYbIXUTDPFVQbdwFJ-QGo79Tpn9aQ9h9RFzfd8dVqJMriGk7wQw = HTTP 200 OK

  • xxxx/media/attachments/b/2/e/9/baa0cc251c9016f7add3925a98f9cc860b4a97b7fbc6c7151da03ec34055/test_2.jpg?token=ZoTr0A%3Ay5IxvCaDH_PepOMXJFuMW1Zl-M1df zZqo-JwYbIXUTDPFVQbdwFJ-QGo79Tpn9aQ9h9RFzfd8dVqJMriGk7wQw = HTTP 200 OK

The images, as indicated, are accessible since they are available in the attachments section below the wiki. In addition, the resource or all media content has been migrated and avatars, documents, etc. They are accessible.


Hi there,

Yeah, that happens because those old URLs do not have the ?token= parameters, and you activated the media-protected component.

Depending on how many “old” images you have, you can either add, for example ?token=1 to every old image URL in the wiki. The part after token= is irrelevant, since that should start the token refresh process.

If that is not feasible, you can remove the media-protected component and configure your reverse proxy to not go through media-protected.

Hope this helps!

Best regards!

Hello, I have already tried the option to disable the taigaio/taiga-protected component and adjust the config taiga-back and gateway and it works without a problem, but I would like to keep it.

I have tried including the suggested “?token=1” in the wiki links but it still doesn’t work, it doesn’t regenerate the tokens and it still maintains token=1.

Logs taiga-protected after edit link

Token is not valid signature='attachments/f/e/4/4/b442e7451fd37aece9ba42eaa75854ef6235b3168c17b549eb31023608e1/test1.png:1?token=1' max_age=360 date_signed='Empty'
Traceback (most recent call last):
  File "/taiga-protected/server.py", line 76, in token_is_valid
    value, ts = signer.unsign(
  File "/taiga-protected/_vendor/itsdangerous.py", line 453, in unsign
    raise sig_error
  File "/taiga-protected/_vendor/itsdangerous.py", line 439, in unsign
    result = Signer.unsign(self, value)
  File "/taiga-protected/_vendor/itsdangerous.py", line 391, in unsign
    raise BadSignature('Signature %r does not match' % sig,

Should I restart or regenerate any service?