Redirection after login - stops

    A Former User
    wrote on last edited by
    #1

    Hello o/
    Since the last update to 4.3.2, after the login at my.xxx.tld with 2FA enabled, Firefox sometimes redirects to a page called "Cloudron [something] OAuth" with a domain scheme like this:

    my.xxx.tld/login_callback.html?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXXXXXX
    

    Then nothing happens. I also disabled the NoScript plugin completely and stopped my Pi-hole to test whether these were causing this - no.
    I was also able to replicate this in MS Edge and the Chromium browser "Brave".

    Wish you all a nice weekend o7

      nebulon
      Staff
      wrote on last edited by
      #2

      Can you possibly get a persistent log of the browser requests from the browser inspector tools, so we can follow that flow?

        A Former User
        wrote on last edited by
        #3

        Hi @nebulon
        As soon as it is possible for me to save that log, I will post it here.

          murgero
          App Dev
          wrote on last edited by
          #4

          Are you using Firefox by chance? I have this same issue (removing the login_callback blah blah stuff continues the login). In Chrome I do not have this problem. Clearing the browser cache does not help either (tested on multiple machines).

          --
          https://urgero.org
          ~ Professional Nerd. Freelance Programmer. ~

            A Former User
            wrote on last edited by A Former User
            #5

            So I had a little time to further inspect this issue.
            I was able to reproduce this every time in the following setup: Firefox 70.0.1 (64-bit), privacy setting "strict"

            Typing my.xxx.tld in the address bar forwards me to https://my.xxx.tld/api/v1/session/login?returnTo=https://my.xxx.tld/login_callback.html

            The normal login screen appears, I fill in my credentials and get forwarded to https://my.xxx.tld/login_callback.html?token=[STRING]&state=[STRING]
            This site then does nothing.
            This is the source code:

            <html>
            <head>
                <title> Cloudron OAuth Callback </title>
            
                <script>
            
                'use strict';
            
                var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
            
                if (!search.token) {
                    console.error('No token found');
                } else if (!search.state || !window.localStorage.oauth2State || search.state !== window.localStorage.oauth2State ) {
                    console.error('OAuth2 state error');
                } else {
                    // the actual app picks up the access token from localStorage
                    localStorage.token = search.token;
            
                    // clear oauth2 state
                    delete window.localStorage.oauth2State;
            
                    var returnTo = window.localStorage.returnTo;
                    delete window.localStorage.returnTo;
            
                    if (returnTo) window.location.href = returnTo;
                    else window.location.href = '/';
                }
            
                </script>
            
            </head>
            <body>
            </body>
            </html>
            

            As @murgero said, yes; when I then just remove the "/login_callback.html?token=[STRING]&state=[STRING]" in the address bar, everything works fine.

            This is the browser log, if it helps:

            Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
            Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
            [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75"  data: no] 2 ExtensionCommon.jsm:75:12
                runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75
                cleanup resource://gre/modules/ExtensionContent.jsm:402
                close resource://gre/modules/ExtensionContent.jsm:925
                destroyed resource://gre/modules/ExtensionContent.jsm:1010
                observe resource://gre/modules/ExtensionContent.jsm:1028
            Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
            Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
            Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
            [Exception... "Favicon at "https://my.xxx.tld/favicon.ico" failed to load: Not Found."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 236"  data: no]
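
Added example, not part of the thread and not Cloudron's code: the callback logic from post #5 restructured as a function that returns an explicit outcome for each failure branch (so a page can display it instead of staying blank), decodes each query parameter separately, and only follows a same-origin `returnTo`. The function names, the reason strings and the in-memory storage stub are assumptions made for this example.

```javascript
// Added example: testable variant of the callback logic (not Cloudron's code).
// `storage` is any object with getItem/setItem/removeItem (window.localStorage in a browser).
function parseQuery(search) {
    // URLSearchParams decodes each key and value separately, so an encoded
    // '&' or '=' inside the token cannot split into extra parameters.
    const params = new URLSearchParams(search);
    return { token: params.get('token'), state: params.get('state') };
}

function safeReturnTo(returnTo, origin) {
    // Only follow a stored returnTo that resolves to our own origin.
    if (!returnTo) return '/';
    try {
        const url = new URL(returnTo, origin);
        return url.origin === origin ? url.pathname + url.search + url.hash : '/';
    } catch (e) {
        return '/';
    }
}

function handleCallback(search, storage, origin) {
    const { token, state } = parseQuery(search);
    let expected;
    try {
        expected = storage.getItem('oauth2State');
    } catch (e) {
        // Access to storage can throw when the browser blocks site storage.
        return { action: 'error', reason: 'storage-unavailable' };
    }
    if (!token) return { action: 'error', reason: 'no-token' };
    if (!state || !expected || state !== expected) {
        // Never store the token when the state check fails.
        return { action: 'error', reason: 'state-mismatch' };
    }
    storage.setItem('token', token);
    storage.removeItem('oauth2State');
    const returnTo = storage.getItem('returnTo');
    storage.removeItem('returnTo');
    return { action: 'redirect', to: safeReturnTo(returnTo, origin) };
}

// Constructed in-memory stand-in for localStorage, so the example runs under Node.
function memoryStorage(initial) {
    const m = new Map(Object.entries(initial || {}));
    return {
        getItem: (k) => (m.has(k) ? m.get(k) : null),
        setItem: (k, v) => { m.set(k, String(v)); },
        removeItem: (k) => { m.delete(k); },
    };
}
```

In a browser the caller would pass `window.location.search`, `window.localStorage` and `window.location.origin`, then either navigate to `to` or render `reason` in the page body.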
            