
Redirection after login - stops

  • Hello o/
    Since the last update to 4.3.2 after the login at with 2FA enabled, Firefox sometimes redirects to a page called "Cloudron [something] OAuth" with a domain scheme like this:

    Then nothing happens. I also disabled the NoScript plugin entirely and stopped my Pi-hole, to test if these were causing this - no.
    I was also able to replicate this in MS Edge and the Chromium browser "Brave".

    Wish you all a nice weekend o7

  • Staff

    Can you possibly get a persistent log of the browser requests from the browser inspector tools, so we can follow that flow?

  • Hi @nebulon
    As soon as it is possible for me to save that log, I will post it here.

  • App Dev

    Are you using Firefox by chance? I have this same issue (removing the login_callback blah blah stuff continues the login). In Chrome I do not have this problem. Clearing the browser cache does not help either (tested on multiple machines).

  • So I had a little time to further inspect this issue.
    I was able to reproduce this every time in the following setup: Firefox 70.0.1 (64-Bit), Privacy setting "strict"

    Typing in the address bar: forwards me to

    The normal login screen appears, I fill in my credentials and get forwarded to [STRING]&state=[STRING]
    This site then does nothing.
    This is the source code:

        <title> Cloudron OAuth Callback </title>
        <script>
        'use strict';
        // parse the query string (?token=...&state=...) into a key/value object
        var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
        if (!search.token) {
            console.error('No token found');
        } else if (!search.state || !window.localStorage.oauth2State || search.state !== window.localStorage.oauth2State ) {
            // state must match the value stored before the redirect to the login page
            console.error('OAuth2 state error');
        } else {
            // the actual app picks up the access token from localStorage
            localStorage.token = search.token;
            // clear oauth2 state
            delete window.localStorage.oauth2State;
            var returnTo = window.localStorage.returnTo;
            delete window.localStorage.returnTo;
            if (returnTo) window.location.href = returnTo;
            else window.location.href = '/';
        }
        </script>

    As @murgero said, yes; when I then just remove the "/login_callback.html?token=[STRING]&state=[STRING]" in the address bar, everything works fine.

    This is the browser log, if it helps:

    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75"  data: no] 2 ExtensionCommon.jsm:75:12
        runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75
        cleanup resource://gre/modules/ExtensionContent.jsm:402
        close resource://gre/modules/ExtensionContent.jsm:925
        destroyed resource://gre/modules/ExtensionContent.jsm:1010
        observe resource://gre/modules/ExtensionContent.jsm:1028
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    [Exception... "Favicon at "" failed to load: Not Found."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 236"  data: no]
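
The callback script quoted in the thread only writes to the console when the token or state check fails, so the page never redirects in those branches. The following is an added example, not Cloudron's code, of the same checks with a distinct reason returned for each failure path; `handleCallback`, `parseQuery`, `memoryStorage` and the reason strings are hypothetical names, and the storage object is passed in as an assumption so the logic runs outside a browser.

```javascript
// Added example: same checks as the callback script in the thread, but every
// failure path returns a distinct reason instead of only logging to the console.
function parseQuery(queryString) {
  // URLSearchParams splits the pairs first and decodes each value afterwards,
  // so an encoded '&' or '=' inside a value cannot break the pair apart.
  const params = new URLSearchParams(queryString);
  return { token: params.get('token'), state: params.get('state') };
}

function handleCallback(queryString, storage) {
  const search = parseQuery(queryString);
  if (!search.token) return { ok: false, reason: 'no-token' };

  let expected;
  try {
    expected = storage.getItem('oauth2State');
  } catch (e) {
    // Storage access can throw when the browser denies it.
    return { ok: false, reason: 'storage-unavailable' };
  }
  if (!search.state || !expected) return { ok: false, reason: 'state-missing' };
  if (search.state !== expected) return { ok: false, reason: 'state-mismatch' };

  // Success path mirrors the original: store the token, clear one-time values.
  storage.setItem('token', search.token);
  storage.removeItem('oauth2State');
  const returnTo = storage.getItem('returnTo') || '/';
  storage.removeItem('returnTo');
  return { ok: true, redirect: returnTo };
}

// Constructed in-memory stand-in for window.localStorage (assumption for the demo).
function memoryStorage(initial) {
  const data = new Map(Object.entries(initial || {}));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}
```

In a browser the returned reason would be rendered on the callback page, and the read of `window.localStorage` itself belongs inside the same `try`, since the property access can throw before `getItem` is reached.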