10
1

I am trying to edit some data and I am getting the following error message upon hitting the edit tab:

      "Editing failed - make sure JOSM or Merkaartor is loaded and the remote control option is enabled".

I have JOSM loaded, but not sure how or where, to enable the 'remote control option'.

This question is marked "community wiki".

asked 15 Jan '11, 01:13

Bennet%20Campoverde's gravatar image

Bennet Campo...
31345
accept rate: 0%

edited 30 Apr '15, 17:00

aseerel4c26's gravatar image

aseerel4c26 ♦
28.1k13208482

What browser do you use? The noscript addon for Firefox will interfere with remote control.

(12 Feb '11, 18:59) emj
4

The thing in NoScript that interferes with JOSM remote control is the ABE, the Application Boundaries Enforcer. The ABE by default prevents pages on the internet from fiddling around with your local computer. You will find the ABE settings under the Advanced tab in the NoScript options dialog. Either you may disable the ABE completely (lazy, but somewhat bad idea) or write a customized ruleset that lets the commands to JOSM pass through.

The documentation is found here: http://noscript.net/abe/

(12 Feb '11, 21:03) gnurk

… for this NoScript issue see an answer below.

(30 Jul '14, 20:11) aseerel4c26 ♦

I had the same problem and this is my solution: I changed the system-ABE from

Site LOCAL Accept from LOCAL Deny

to

Site LOCAL Accept from LOCAL Accept from *.openstreetmap.org Deny

(28 May '15, 07:33) caigner

19

also, if you're started having problems in April of 2014 or later, it could be the HTTPS certificate problem, as OpenStreetMap "Edit with remote control" started using HTTPS port on TCP/8112 (it used plaintext HTTP on TCP/8111 before, so there was no certificate and no problem).

To fix it, go to https://127.0.0.1:8112/ and accept invalid certificate.

See github issue 740 for more info

permanent link

answered 09 Jun '14, 18:50

Matija%20Nalis's gravatar image

Matija Nalis
6161611
accept rate: 15%

2

Thanks, your answer help me to deal with that problem. I tried since a week and nothing in the JOSM wiki page Help/Preferences/RemoteControl helps to resolve that.

(30 Jul '14, 19:15) FabienT

@FabienT you should probably report that to JOSM help web page maintainer (or fix it yourself if you have wiki account there)

(31 Jul '14, 13:49) Matija Nalis
1

@Matija Nalis and @FabienT: I just have added a paragraph to this wiki page.

(31 Jul '14, 14:06) aseerel4c26 ♦
10

In the JOSM menu select Edit/Preferences.../ or press F12

Click on the remote control icon

Select "Enable Remote Control" and click OK.

(If you have a JOSM version older than 3715, then RemoteControl is only available as a plugin. You can either get the plugin, or update JOSM.)

permanent link

answered 15 Jan '11, 09:40

gnurk's gravatar image

gnurk
6.0k106095
accept rate: 15%

edited 15 Jan '11, 09:52

Frederik%20Ramm's gravatar image

Frederik Ramm ♦
58.8k70552922

I think JOSM should come with the remote control turned ON by default (maybe it already does since I my configuration files are quite old, I only update the program file).

(30 Dec '11, 10:07) Kozuch

In my experience on Ubuntu and MacOS, JOSM has to be up and running for the remote control to work. So I start JOSM, go back to the browser and then select edit in remote control with JOSM.

(02 Aug '13, 15:16) stf

does anybody have a .jar file of the old remote control plugin?

I am trying to get this working on an old Java 5 system running JOSM 3377, and the automatic plugin downloading no longer works. thanks

(29 Jan '15, 18:14) M Toups

If the problem is NoScript then you can to allow the request through the ABE blocker rules as follows:

1) Open the NoScripts options dialog,
2) Goto the Advanced pane then the ABE sub-pane
3) Change the SYSTEM rule to read:

Site http://127.0.0.1:8111
Accept from *.openstreetmap.org
Deny

Site LOCAL
Accept from LOCAL
Deny
permanent link

answered 02 Aug '13, 12:55

Joe%20E's gravatar image

Joe E
9121
accept rate: 0%

2

If one does not like wildcards and likes also other OSM-related sites to be able to call JOSM, use something like this:

# LOCAL
## Allow
### JOSM call is allowed from OSM related sites
Site 127.0.0.1:8111 localhost:8111 127.0.0.1:8112 localhost:8112
Accept GET from www.openstreetmap.org maps.skobbler.de tools.geofabrik.de overpass-turbo.eu taginfo.openstreetmap.org keepright.ipax.at keepright.at ra.osmsurround.org map.project-osrm.org
Deny

## Deny all others - prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
(03 Aug '13, 00:41) aseerel4c26 ♦

You may also run into this problem when using the JOSM remote control links from maproulette.org.

Site 127.0.0.1:8111
Accept from maproulette.org

placed in front of the general DENY rule will help here too.

(30 Mar '14, 16:14) Chaos99

If you are using Opera there are also security issues in the browser that you need to address. The warning it would normally show is hidden in an invisible iframe so the edit option silently fails. To overcome this you can go into Preferences (Ctrl-F12), Advanced, Security, Trusted Websites, Secure Internal Hosts and add 127.0.0.1 (openstreetmap.org edit option) and localhost (OSM Inspector). I guess there may be security issues that permanently flagging the sites as secure may raise, but as the links work with other browsers I don't think that it can be a major risk.

permanent link

answered 15 Jan '11, 12:34

EdLoach's gravatar image

EdLoach ♦
16.0k12133232
accept rate: 22%

edited 11 Feb '11, 15:15

But if it's true that JOSM does not implement UPNP to allow incoming connections to pass through a NAS router, the router may be configured with a port forwarding rule (or the local host may be the default target of incoming connections, if its local IP address is configured in the router as a DMZ server. In that case JOSM requires no change. local Javascript is not the only solution to reach the editor, if it's not listening and accepting incoming connections only from localhost.

"Enough said" (like you say) I explianed all the solutions possible to reach the editor from remote, and displayed the whole figure (including the cmost common solution using forwared javascript sent to a browser), and this was still accurate.

And I still maintain that firewalls (local or remote within a router) can inspect and filter out javascripts that contain code trying to connect to localhost, notably those that conatin antivirus plugins performing full inspection of downloaded scripts.

My router does this inspection. My antivirus too... And in the most strict configuration (even if Javascript is enabled in the browser), the script will not pass through, or the firewall/antivirus will modify it on the fly to rebind the function that allows performing HTTP requests in javascript, so that this modified javascript function will sandbox the localhost and will only allow outgoing HTTP connections from the script to go to a remote server on the Internet but not on the localhost or on the LAN (this modified javascript HTTPRequest or Websocket will also inspect the target domain name or IP to block some known remote malware sites).

In summary the browser is NOT alone to perform conditional blocking. There are more sotuations than what you think (and if this causes problems, this requires environment-specific configuration in the router or firewall or antivirus (local or in the router box) to allow the script to pass though and work.

permanent link

answered 10 Aug '13, 16:10

Verdy_p's gravatar image

Verdy_p
1566913
accept rate: 0%

-2

The difficult part is that for the remote control to work, your browser has to accept that a remote site connects to your public IP on the Internet at a determined port.

This requires that a remote HTTP connection to yur public IP at this port will reach a local connection listener on your PC:

  • First your firewall may forbid such connections to what could appear as a malicious port scan. You have to configure your firewall to open the port and redirect it to your PC.
  • Then your local browser must allow the javascript coming from a remote domain to open a connection to your local PC. The ABE in the browser restrict this : you have to authorize the OSM web domain to allow the connections made by its scripts to your local PC to succeed (the connection in that case will be local
  • from your browser on your PC running the Javascript, but within the securty domain of the remote site sending this script to your PC,
  • to your application running locally on your PC and listening this port and accepting local connections

Normally your browser blocks any Javascript running in the security realm of another domain than your local domain, to connect to something else than the Internet, and it will block all connections requests made by these scripts to local IP addresses, or addresses not routed from the same IP interface as the one used to load the script from the web domain.

  • Then your local application (JOSM) must be running to listen the local port (it should reject cnnection requests coming from an IP on the Internet, and should only accept connections from 127.0.0.1 i.e. your local PC running your browser.

Be careful : if your local application is still not running and listeing the correct local port, the connection request authorized in your firewall may be used by any other kind of remote client trying to scan and harvest anything else on your local PC that listens this port. Make sure that JOSM is running and reports that its listener is correctly mapped to the appropriate port.

And make also sure that your local firewall witll forward these requests to the appropriate local port that your editor application is listening.

I've also seen some remote port scanners now trying to connect to the port configured by JOSM. This should no longer work because JOSM now will reject all connection attempts not coming from the local loopback interface (127.0.0.1 in IPv4). You need to configure JOSM if you want it to accept remote connections from other addresses, instead of the local browser running the Javascript VM from which the connection request is coming.

permanent link

answered 05 Aug '13, 08:43

Verdy_p's gravatar image

Verdy_p
1566913
accept rate: 0%

edited 05 Aug '13, 15:26

aseerel4c26's gravatar image

aseerel4c26 ♦
28.1k13208482

1

I have not looked inside the JavaScript/HTML code to call remote control in JOSM but I really think it is not related anyhow to anything with public IP and or (router) firewall ("your firewall to open the port and redirect it to your PC"). The connection is made completely locally from browser to JOSM since I have not forwarded the port on my public IP. A application level firewall running on the PC itself might of course interfere with the local port access from browser to JOSM.

(05 Aug '13, 15:30) aseerel4c26 ♦
1

meta: @Verdy_p, by the way: I do not think that a crazy collection of many comments (which should be one text) is useful. So I converted them to an answer.

(05 Aug '13, 15:32) aseerel4c26 ♦

The external router will also interfere with its firewall (possibly running by itself an antivirus or filter that will inspect the javascripts sent by the browser. Initially the remote control allowed direct control of JOSM (or other editor) by a direct connection to the public IP address of your browser at a given port. After all, editors like JOSM are effectively running a web server instance to listen for "remote controls". The only limitation is in how this server listens for connections: it may just accept connections from 127.0.0.1 and so be unusable from a script in browser.

(06 Aug '13, 06:23) Verdy_p

There are effectively several things that can block a connection (and JOSM is not the only implementation of the remote control service listener). Nothing forbids such listener to also listen for remote connections coming from the Internet (in which case the NAS or UPNP router will interfere, as well as an basic external firewall)

(06 Aug '13, 06:25) Verdy_p

An external router checking java script? How much does that cost? And what exactly does a NAS or the UPNP protocol have to do with this? Please stop.

(06 Aug '13, 07:16) scai ♦

Where do you assume that the "remote control" protocol requires Javascript? It just needs an HTTP listener on a designated port of the host where the editor (not just JOSM but any other editor as well) will accept soe requests. That listener is not required to accept connections only from 127.0.0.1, and that request may not come just from Javascript in a local browser, but from any other application capable of performing an HTTP client request.

(06 Aug '13, 22:12) Verdy_p

And that's exactly where these requests could be routed via the internet and coming from another host (in the Internet or on a LAN, and possibly passing through a firewall or HTTP proxy). The remote control may be used not just for editors, but as well to synchronize a remote host with changes made on another database (not necessarily the OSM database but with a compatible API). I tried to be complete about all the possible solutions and uses; but I also explained the simple case where this passes through a javascript in a browser performing an HTTP request to the local host.

(06 Aug '13, 22:15) Verdy_p

The openstretmap.org site is not the only one to use the OSM remote control protocol, and JOSM is not the only software implementing it.

(06 Aug '13, 22:16) Verdy_p

Finally, firewalls inspecting javascripts to block them also exist. You could still use a browser on the PC to navigate an still have the script blocked because it is not signed or not comin from an approved domain, firewalls are known to block scripts that perform XMLRequests or HTTPRequests, this is easy to detect!

(06 Aug '13, 22:19) Verdy_p

@verdy_p: please stop here. "signed" JavaScripts is something that does not exist in reality. Thank you.

(06 Aug '13, 23:42) aseerel4c26 ♦

@aseerel wrong! signed javascript DOES exist ! javascript can also come through autentified secure transport channels (do you know HTTPS ?) HTTP also allows transporting digitial signatures in metadata. Archive file formats as well! The origin domain name can also be authenticated and secured with DNS signatures. There are various solutions to avoid injection of rogue javascripts by third parties, but OSM sites still do not use them.

(07 Aug '13, 00:49) Verdy_p
1

@verdy_p: to my knowledge HTTPS uses message authentication codes which are no signatures. Also note that I said "reality" and that this question is about OSM. Enough now.

(07 Aug '13, 01:47) aseerel4c26 ♦

My comment was also about "OSM", a protocol used and shared by various OSM tools which opens a listening port with a mini web server replying to requests (which may come either from localhost via javascript running in a local browser, or directly from remote host connecting to the editor implementing this listener).

(10 Aug '13, 16:10) Verdy_p
showing 5 of 13 show 8 more comments
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×384
×258
×64
×11

question asked: 15 Jan '11, 01:13

question was seen: 22,121 times

last updated: 28 May '15, 07:33

powered by OSQA