
Cloudron Forum


Redirection after login - stops

  • timbo wrote (#1):

    Hello o/
    Since the last update to 4.3.2, after the login at my.xxx.tld with 2FA enabled, Firefox sometimes redirects to a page called "Cloudron [something] OAuth" with a domain scheme like this:

    my.xxx.tld/login_callback.html?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXXXXXX
    

    Then nothing happens. I also disabled the NoScript plugin entirely and stopped my Pi-hole to test if these were causing this - no.
    I was also able to replicate this in MS Edge and the Chromium browser "Brave".

    Wish you all a nice weekend o7

    o7 enjoy sol III while it lasts

  • nebulon (Staff) wrote (#2):

    Can you possibly get a persistent log of the browser requests from the browser inspector tools, so we can follow that flow?

  • timbo wrote (#3):

    Hi @nebulon
    As soon as it is possible for me to save that log I will post it here.

    o7 enjoy sol III while it lasts

  • murgero (App Dev) wrote (#4):

    Are you using Firefox by chance? I have this same issue (removing the login_callback blah blah stuff continues the login). In Chrome I do not have this problem. Clearing the browser cache does not help either (tested on multiple machines).

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

  • timbo wrote (#5, last edited by timbo):

    So I had a little time to further inspect this issue.
    I was able to reproduce this every time in the following setup: Firefox 70.0.1 (64-Bit), Privacy setting "strict"

    Typing my.xxx.tld in the address bar forwards me to https://my.xxx.tld/api/v1/session/login?returnTo=https://my.xxx.tld/login_callback.html

    The normal login screen appears, I fill in my credentials and get forwarded to https://my.xxx.tld/login_callback.html?token=[STRING]&state=[STRING]
    This site then does nothing.
    This is the source code:

    <html>
    <head>
        <title> Cloudron OAuth Callback </title>
    
        <script>
    
        'use strict';
    
        var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
    
        if (!search.token) {
            console.error('No token found');
        } else if (!search.state || !window.localStorage.oauth2State || search.state !== window.localStorage.oauth2State ) {
            console.error('OAuth2 state error');
        } else {
            // the actual app picks up the access token from localStorage
            localStorage.token = search.token;
    
            // clear oauth2 state
            delete window.localStorage.oauth2State;
    
            var returnTo = window.localStorage.returnTo;
            delete window.localStorage.returnTo;
    
            if (returnTo) window.location.href = returnTo;
            else window.location.href = '/';
        }
    
        </script>
    
    </head>
    <body>
    </body>
    </html>
    

    As @murgero said, yes; when I then just remove the "/login_callback.html?token=[STRING]&state=[STRING]" in the address bar everything works fine.

    This is the browser log, if it helps:

    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75"  data: no] 2 ExtensionCommon.jsm:75:12
        runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75
        cleanup resource://gre/modules/ExtensionContent.jsm:402
        close resource://gre/modules/ExtensionContent.jsm:925
        destroyed resource://gre/modules/ExtensionContent.jsm:1010
        observe resource://gre/modules/ExtensionContent.jsm:1028
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    Content Security Policy: 'x-frame-options' wird wegen 'frame-ancestors'-Direktive ignoriert.
    [Exception... "Favicon at "https://my.xxx.tld/favicon.ico" failed to load: Not Found."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 236"  data: no]
    

    o7 enjoy sol III while it lasts
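
Added example, not part of the thread and not Cloudron's code: the callback posted in #5 only writes to the console on its two failure branches, so a failed state check looks like a blank page. The sketch below performs the same token/state check but returns which branch was taken and parses the query with `URLSearchParams`; `resolveCallback`, `makeStorage` and the sample values are hypothetical names and constructed data.

```javascript
'use strict';

// Hypothetical helper (not Cloudron's code): decide what the callback page
// should do, and return the reason instead of only logging it.
function resolveCallback(search, storage) {
    // URLSearchParams splits on '&' and '=' first and decodes each part
    // afterwards, so an encoded '&' or '=' inside a value cannot shift fields.
    const params = new URLSearchParams(search);
    const token = params.get('token');
    const state = params.get('state');

    let expected, returnTo;
    try {
        expected = storage.getItem('oauth2State');
        returnTo = storage.getItem('returnTo');
    } catch (e) {
        // Storage access can throw when the browser blocks site data.
        return { ok: false, reason: 'storage-unavailable' };
    }

    if (!token) return { ok: false, reason: 'no-token' };
    if (!state) return { ok: false, reason: 'no-state-in-url' };
    if (!expected) return { ok: false, reason: 'no-state-in-storage' };
    if (state !== expected) return { ok: false, reason: 'state-mismatch' };

    // State is single use: clear it before handing over the token.
    storage.removeItem('oauth2State');
    storage.removeItem('returnTo');
    storage.setItem('token', token);

    return { ok: true, redirectTo: returnTo || '/' };
}

// Constructed in-memory stand-in for window.localStorage.
function makeStorage(initial) {
    const data = new Map(Object.entries(initial || {}));
    return {
        getItem: (k) => (data.has(k) ? data.get(k) : null),
        setItem: (k, v) => { data.set(k, String(v)); },
        removeItem: (k) => { data.delete(k); }
    };
}

// Constructed sample values, shaped like the URL in the post.
const sampleSearch = '?token=tok%26en123&state=abc123';
console.log(resolveCallback(sampleSearch, makeStorage({ oauth2State: 'abc123' })));
console.log(resolveCallback(sampleSearch, makeStorage({})));
```

In a browser the second argument would be `window.localStorage`, and the returned `reason` can be rendered into the page body so a failed login is visible without opening the console.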
