Solved 403 in proxyAuth apps after server migration
-
I recently migrated my server to a new one (classic backup + restore process).
After the restore, I noticed an issue with some apps : I kept getting a 403 error.
After a bit of investigation, it turned out that it was only for some specific apps : those that use the
proxyAuthplugin. What was happening was that the browser still had a valid cookie for the app, so it sent it. TheproxyAuthplugin, seeing a cookie, checked it, and it was incorrect (I suppose current sessions are not part of the backup so are not migrated, which makes sense).The problem is, instead of simply redirecting to the login page, the app keeps throwing the 403 error. For technical users, it's not really a big problem : one can just clear the site's cookies and it's all good to go. However, for less technical users, it can be a pain.
-
I was able to reproduce both issues, thanks for reporting!
- The proxy auth cookie secret is not persisted. It's stored in platform runtime data. I have migrated this into the database.
- Redirection logic was incorrect when the token is invalid. This is also fixed.
-
this condition can be checked for and some action performed within the nginx config.
-
I was able to reproduce both issues, thanks for reporting!
- The proxy auth cookie secret is not persisted. It's stored in platform runtime data. I have migrated this into the database.
- Redirection logic was incorrect when the token is invalid. This is also fixed.
