Redirection after login - stops



  • Hello o/
    Since the last update to 4.3.2, after the login at my.xxx.tld with 2FA enabled, Firefox sometimes redirects to a page called "Cloudron [something] OAuth" with a domain scheme like this:

    my.xxx.tld/login_callback.html?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXXXXXX
    

    Then nothing happens. I also disabled the NoScript plugin entirely and stopped my Pi-hole to test whether these were causing this - no.
    I was also able to replicate this in MS Edge and the Chromium browser "Brave".

    Wish you all a nice weekend o7



  • Can you possibly get a persistent log of the browser requests from the browser inspector tools, so we can follow that flow?



  • Hi @nebulon
    As soon as it is possible for me to save that log, I will post it here.



  • Are you using Firefox by chance? I have this same issue (removing the login_callback blah blah stuff continues the login). In Chrome I do not have this problem. Clearing the browser cache does not help either (tested on multiple machines).



  • So I had a little time to further inspect this issue.
    I was able to reproduce this every time in the following setup: Firefox 70.0.1 (64-Bit), Privacy setting "strict"

    Typing my.xxx.tld in the address bar forwards me to https://my.xxx.tld/api/v1/session/login?returnTo=https://my.xxx.tld/login_callback.html

    The normal login screen appears, I fill in my credentials and get forwarded to https://my.xxx.tld/login_callback.html?token=[STRING]&state=[STRING]
    This site then does nothing.
    This is the source code:

    <html>
    <head>
        <title> Cloudron OAuth Callback </title>
    
        <script>
    
        'use strict';
    
        var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
    
        if (!search.token) {
            console.error('No token found');
        } else if (!search.state || !window.localStorage.oauth2State || search.state !== window.localStorage.oauth2State ) {
            console.error('OAuth2 state error');
        } else {
            // the actual app picks up the access token from localStorage
            localStorage.token = search.token;
    
            // clear oauth2 state
            delete window.localStorage.oauth2State;
    
            var returnTo = window.localStorage.returnTo;
            delete window.localStorage.returnTo;
    
            if (returnTo) window.location.href = returnTo;
            else window.location.href = '/';
        }
    
        </script>
    
    </head>
    <body>
    </body>
    </html>
    

    As @murgero said, yes; when I then just remove the "/login_callback.html?token=[STRING]&state=[STRING]" in the address bar, everything works fine.

    This is the browser log, if it helps:

    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75"  data: no] 2 ExtensionCommon.jsm:75:12
        runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75
        cleanup resource://gre/modules/ExtensionContent.jsm:402
        close resource://gre/modules/ExtensionContent.jsm:925
        destroyed resource://gre/modules/ExtensionContent.jsm:1010
        observe resource://gre/modules/ExtensionContent.jsm:1028
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    [Exception... "Favicon at "https://my.xxx.tld/favicon.ico" failed to load: Not Found."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 236"  data: no]
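
An added diagnostic sketch, not part of the original posts and not Cloudron's own code: the callback script posted above only redirects when the `state` in the URL matches `localStorage.oauth2State`, and every other branch ends in a `console.error` with no navigation, which leaves the blank page described in this thread. The function below repeats those checks against a stand-in storage object and names the check that stopped the flow; `diagnoseCallback`, `parseSearch` and the sample values are hypothetical.

```javascript
'use strict';

// Same query parsing as the login_callback.html script posted above.
function parseSearch(search) {
    return decodeURIComponent(search).slice(1).split('&')
        .map(function (item) { return item.split('='); })
        .reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
}

// Walks the same checks as the posted script, but reports which one stopped
// the flow instead of only writing to console.error. `storage` stands in for
// window.localStorage; nothing is written and no redirect is performed.
function diagnoseCallback(search, storage) {
    var params = parseSearch(search);

    if (!params.token) return { ok: false, reason: 'no token in URL' };
    if (!params.state) return { ok: false, reason: 'no state in URL' };
    if (!storage.oauth2State) {
        return { ok: false, reason: 'oauth2State missing from localStorage' };
    }
    if (params.state !== storage.oauth2State) {
        return { ok: false, reason: 'state in URL differs from stored oauth2State' };
    }
    // Same fallback as the posted script: returnTo if set, otherwise '/'.
    return { ok: true, reason: 'state verified', redirect: storage.returnTo || '/' };
}

// Constructed sample inputs (not values from the thread).
var SAMPLE_SEARCH = '?token=tok123&state=abc';
var CASES = {
    'normal login': { oauth2State: 'abc', returnTo: '/#/apps' },
    'storage empty on callback': {},
    'stale state from an earlier attempt': { oauth2State: 'zzz' }
};

function runCases() {
    return Object.keys(CASES).map(function (name) {
        var r = diagnoseCallback(SAMPLE_SEARCH, CASES[name]);
        return name + ': ' + (r.ok ? 'redirects to ' + r.redirect : 'stalls, ' + r.reason);
    });
}

runCases().forEach(function (line) { console.log(line); });
```

Pasted into the browser console on the stuck page, `diagnoseCallback(window.location.search, window.localStorage)` reports the failing check without modifying storage.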
    
