Follow redirection is broken #233

Closed
elegaanz opened this issue Sep 18, 2018 · 5 comments
Labels
A: Backend Code running on the server C: Bug Something isn't working

@elegaanz
Member

For some reason the URL you get redirected to after following someone is considered invalid by Rocket, and it returns a 500 page…

The problematic redirection seems to be this one: https://github.com/Plume-org/Plume/blob/master/src/routes/user.rs#L138

Plume version: 0.2.0

@elegaanz elegaanz added C: Bug Something isn't working P: Medium A: Backend Code running on the server labels Sep 18, 2018
@elegaanz elegaanz added this to the Alpha 2 milestone Sep 18, 2018
@trinity-1686a
Contributor

Oddly enough, I can't reproduce on my local instance, and trying on https://baptiste.gelez.xyz, I can't reproduce either. Any more information, specific commit id, public instance having this issue or something?

@elegaanz
Member Author

It happened to me when trying to follow someone through a link to the follow URL (i.e. /@/username/follow). I think there is a problem with links to Plume, because I can notice that when clicking your link to https://baptiste.gelez.xyz I'm not logged in, but if I go to any other page I am… Also when someone links a post it is often marked as not found, but then if you access this post through the instance homepage for instance it works fine… It is really weird…

@trinity-1686a
Contributor

The problem of being connected is not with links: the user_id cookie is marked SameSite: Strict, so if we came from another site, the cookie is not sent by a browser honoring this feature (it's a CSRF countermeasure that Rocket enables by default for secure cookies, but it won't protect browsers that don't implement it and ignore the flag).

trinity-1686a added a commit that referenced this issue Sep 30, 2018
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see #233 (comment))
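
The cookie behaviour described in the comment above, as an added example that is not part of the original thread or of Plume's or Rocket's code: a simplified model of how a browser honoring SameSite decides whether to attach a cookie, run over constructed requests. It assumes each request's site is already known; the type names, function names and example sites are hypothetical.

```rust
// Added example: simplified model of a browser's SameSite decision.
// Not Plume or Rocket code; all names and sites below are constructed.

#[derive(Clone, Copy, Debug, PartialEq)]
enum SameSite { Strict, Lax, None }

#[derive(Clone, Copy, Debug, PartialEq)]
enum Method { Get, Head, Post }

struct Request<'a> {
    initiator_site: &'a str, // site of the page that triggered the request
    target_site: &'a str,    // site of the URL being requested
    method: Method,
    top_level: bool,         // link click or redirect, not an <img>/<iframe>/fetch()
}

/// Would a browser that honors SameSite attach the cookie to this request?
fn cookie_is_sent(policy: SameSite, req: &Request) -> bool {
    if req.initiator_site == req.target_site {
        return true; // same-site requests always carry the cookie
    }
    match policy {
        SameSite::Strict => false,
        // Lax: only top-level navigations that use a safe method.
        SameSite::Lax => req.top_level && matches!(req.method, Method::Get | Method::Head),
        SameSite::None => true,
    }
}

const ELSEWHERE: &str = "https://forum.example"; // constructed third-party site
const INSTANCE: &str = "https://plume.example";  // constructed Plume instance

fn req(from: &'static str, method: Method, top_level: bool) -> Request<'static> {
    Request { initiator_site: from, target_site: INSTANCE, method, top_level }
}

/// Constructed sample requests, all aimed at the instance.
fn scenarios() -> [(&'static str, Request<'static>); 4] {
    [
        ("external link to /@/username/follow", req(ELSEWHERE, Method::Get, true)),
        ("cross-site form POST", req(ELSEWHERE, Method::Post, true)),
        ("cross-site <img> load", req(ELSEWHERE, Method::Get, false)),
        ("navigation inside the instance", req(INSTANCE, Method::Get, true)),
    ]
}

fn main() {
    for (label, r) in scenarios() {
        println!("{:<38} Strict={:<5} Lax={}", label,
            cookie_is_sent(SameSite::Strict, &r), cookie_is_sent(SameSite::Lax, &r));
    }
}
```

Under Lax the session cookie arrives on a followed link, while cross-site POSTs and subresource loads still go without it. State-changing routes reachable by GET therefore need their own CSRF check and cannot rely on the cookie attribute alone.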
@trinity-1686a
Contributor

Is it still an issue? If yes, can you give me a step-by-step how-to? I still can't reproduce it, either on my dev instance or on a public one, even when trying with remote users. Is it possible it's linked to the particular browser you use to access Plume?

@elegaanz
Member Author

No, it has been fixed, I think. If we realize it's not, we will still be able to reopen this issue :D
