Activities returns error

New install of Nextcloud 11.0.0.
Ubuntu 16.04.
When clicking on the “activities” link, an error pops up that says “error loading activities”.

Any guidance on how to fix?

Check your logfiles of Nextcloud. And also check your browser network analysis (failing to load activities normally should result in some sort of error).

I checked the browser. Everything is good except the line where it accesses activity. That returns a 403.

https://[my server]/index.php/apps/activity/api/v2/activity/filter

Any thoughts on why Nextcloud is returning a 403 error on that page?

403 means you have no permissions. Check your permission settings of your folder and check your logfiles for more information. Can also be in your apache-config, how does your <Directory /var/www/nextcloud> look like? Compare with documented configuration:

The permissions on the entire tree are www-data:www-data.
It’s pretty much a stock installation.
There is no error generated in error.log, and nothing is written to access.log.

When I click on another control, for example, Files, then I see a write to access.log as expected.
When I click on “activities”, I get nothing. No error, no access log.

This is an out of the box installation of Nextcloud 11.0.0.

Except for the activity app, does everything else work? Can you disable and enable the app?

Everything else works, I did try disabling and enabling it yesterday, but it made no diff. The Activity page works, but the activity link for an OBJECT fails.

Hey, just wanted to let you all know I finally found the problem with “activities”.
My firewall was dropping the transactions - flagging them as a possible “sql injection attack”.

I created an exception for Nextcloud and it works now.

I have the same error.
It appears that the web application firewall on my host flags the activities transactions as SQL injection

[client 123.456.123.214] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/comodo/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack|||F|2"] [data "Matched Data: object_type found within ARGS_NAMES:object_type: object_type"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:object_type. [hostname ""] [uri "/ocs/v2.php/apps/activity/api/v2/activity/filter"] [unique_id "BVceBhxTwNYh7RK7NwtlUQBBBBg"]

I’ve seen this before on a previous host as well with nextcloud. In both cases I’ve disabled that particular modsecurity rule to get nextcloud activities to work.
Perhaps nextcloud activities might want to reformat this?