Redirection after login - stops
-
Hello o/
Since the last update to 4.3.2 after the login at my.xxx.tld with 2FA enabled, Firefox sometimes redirects to a Page called "Cloudron [something] OAuth" with a domain scheme like this:my.xxx.tld/login_callback.html?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXXXXXXThen nothing happens. I also disabled the noscript plugin at all and stopped my pihole, to test if these were causing this - no.
I was also able to replicate this in MS edge and chromium browser "Brave".Wish you all a nice weekend o7
-
Hi @nebulon
As soon as it is possible for me save that log i will post it here. -
So i had a little time to further inspect this issue.
I was able to reproduce this every time in following setup: Firefox 70.0.1 (64-Bit), Privacy setting "strict"Typing in the adressbar: my.xxx.tld forwards me to https://my.xxx.tld/api/v1/session/login?returnTo=https://my.xxx.tld/login_callback.html
Normal login-screen appears, i fill in my credentials and getting forwarded to https://my.xxx.tld/login_callback.html?token=[STRING]&state=[STRING]
This site then does nothing.
This is the source-code:<html> <head> <title> Cloudron OAuth Callback </title> <script> 'use strict'; var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {}); if (!search.token) { console.error('No token found'); } else if (!search.state || !window.localStorage.oauth2State || search.state !== window.localStorage.oauth2State ) { console.error('OAuth2 state error'); } else { // the actual app picks up the access token from localStorage localStorage.token = search.token; // clear oauth2 state delete window.localStorage.oauth2State; var returnTo = window.localStorage.returnTo; delete window.localStorage.returnTo; if (returnTo) window.location.href = returnTo; else window.location.href = '/'; } </script> </head> <body> </body> </html>As @murgero said, yes; when i then just remove the "/login_callback.html?token=[STRING]&state=[STRING]" in address-bar everything works fine.
This is the Browserlog, if it helps:
Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75" data: no] 2 ExtensionCommon.jsm:75:12 runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75 cleanup resource://gre/modules/ExtensionContent.jsm:402 close resource://gre/modules/ExtensionContent.jsm:925 destroyed resource://gre/modules/ExtensionContent.jsm:1010 observe resource://gre/modules/ExtensionContent.jsm:1028 Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert. [Exception... "Favicon at "https://my.xxx.tld/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 236" data: no]
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login