Redirection after login - stops
-
Hello o/
Since the last update to 4.3.2 after the login at my.xxx.tld with 2FA enabled, Firefox sometimes redirects to a Page called "Cloudron [something] OAuth" with a domain scheme like this:my.xxx.tld/login_callback.html?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXXXXXXThen nothing happens. I also disabled the noscript plugin at all and stopped my pihole, to test if these were causing this - no.
I was also able to replicate this in MS edge and chromium browser "Brave".Wish you all a nice weekend o7
-
Can you possibly get a persistent log of the browser requests from the browser inspector tools, so we can follow that flow?
-
Hi @nebulon
As soon as it is possible for me save that log i will post it here.
-
Are you using firefox by chance? I have this same issue (removing the login_calback blah blah stuff continues the login) in chrome I do not have this problem - Clearing browser cache does not help either (tested on multiple machines)
-
So i had a little time to further inspect this issue.
I was able to reproduce this every time in following setup: Firefox 70.0.1 (64-Bit), Privacy setting "strict"Typing in the adressbar: my.xxx.tld forwards me to https://my.xxx.tld/api/v1/session/login?returnTo=https://my.xxx.tld/login_callback.html
Normal login-screen appears, i fill in my credentials and getting forwarded to https://my.xxx.tld/login_callback.html?token=[STRING]&state=[STRING]
This site then does nothing.
This is the source-code:<html> <head> <title> Cloudron OAuth Callback </title> <script> 'use strict'; var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {}); if (!search.token) { console.error('No token found'); } else if (!search.state || !window.localStorage.oauth2State || search.state !== window.localStorage.oauth2State ) { console.error('OAuth2 state error'); } else { // the actual app picks up the access token from localStorage localStorage.token = search.token; // clear oauth2 state delete window.localStorage.oauth2State; var returnTo = window.localStorage.returnTo; delete window.localStorage.returnTo; if (returnTo) window.location.href = returnTo; else window.location.href = '/'; } </script> </head> <body> </body> </html>As @murgero said, yes; when i then just remove the "/login_callback.html?token=[STRING]&state=[STRING]" in address-bar everything works fine.
This is the Browserlog, if it helps:
Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75" data: no] 2 ExtensionCommon.jsm:75:12 runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75 cleanup resource://gre/modules/ExtensionContent.jsm:402 close resource://gre/modules/ExtensionContent.jsm:925 destroyed resource://gre/modules/ExtensionContent.jsm:1010 observe resource://gre/modules/ExtensionContent.jsm:1028 Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. [Exception... "Favicon at "https://my.xxx.tld/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 236" data: no]
