Error when logging in on Firefox/Firefox-based browsers #25154

@x4fingers

Issue Summary

I tested, and it works normally on Chromium-based browsers, but not on Firefox/Firefox-based browsers.

You should notice that after the "POST /ghost/api/admin/session" request, any GET request after it will have the same error:

Authorization header format is "Authorization: Ghost [token]"

Steps to Reproduce

  1. Go to the login page at /ghost
  2. Input the admin account email and password, then submit.

Ghost Version

6.3.1

Node.js Version

22.20.0

How did you install Ghost?

Install Ghost with Docker image

Database type

MySQL 8

Browser & OS version

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:143.0) Gecko/20100101 Firefox/143.0

Relevant log / error output

[2025-10-13 19:04:37] INFO "POST /ghost/api/admin/session" 201 127ms
[2025-10-13 19:04:37] ERROR "GET /ghost/api/admin/users/me/?include=roles" 401 1ms

Authorization header format is "Authorization: Ghost [token]"

Error ID:
    76d7aff0-a867-11f0-bb9a-c73f172bc704

Error Code: 
    INVALID_AUTH_HEADER

----------------------------------------

UnauthorizedError: Authorization header format is "Authorization: Ghost [token]"
    at apiKeyAdminAuth (/var/lib/ghost/versions/6.3.1/core/server/services/auth/api-key/admin.js:58:21)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:284:15
    at param (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:365:14)
    at param (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:376:14)
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:421:3)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)
    at /var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:228:13
    at corsOptionsDelegate (/var/lib/ghost/versions/6.3.1/core/server/web/api/middleware/cors.js:73:16)
    at corsMiddleware (/var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:204:7)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:328:13)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:286:9

[2025-10-13 19:04:37] ERROR "GET /ghost/api/admin/config/" 401 1ms

Authorization header format is "Authorization: Ghost [token]"

Error ID:
    76e36fc0-a867-11f0-bb9a-c73f172bc704

Error Code: 
    INVALID_AUTH_HEADER

----------------------------------------

UnauthorizedError: Authorization header format is "Authorization: Ghost [token]"
    at apiKeyAdminAuth (/var/lib/ghost/versions/6.3.1/core/server/services/auth/api-key/admin.js:58:21)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:284:15
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:346:12)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)
    at /var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:228:13
    at corsOptionsDelegate (/var/lib/ghost/versions/6.3.1/core/server/web/api/middleware/cors.js:73:16)
    at corsMiddleware (/var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:204:7)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:328:13)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:346:12)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)

[2025-10-13 19:04:37] ERROR "GET /ghost/api/admin/settings/?group=site%2Ctheme%2Cprivate%2Cmembers%2Cportal%2Cnewsletter%2Cemail%2Clabs%2Cslack%2Cunsplash%2Cviews%2Cfirstpromoter%2Ceditor%2Ccomments%2Canalytics%2Cannouncement%2Cpintura%2Cdonations%2Crecommendations%2Csecurity%2Csocial_web%2Cexplore" 401 1ms

Authorization header format is "Authorization: Ghost [token]"

Error ID:
    76e3bde0-a867-11f0-bb9a-c73f172bc704

Error Code: 
    INVALID_AUTH_HEADER

----------------------------------------

UnauthorizedError: Authorization header format is "Authorization: Ghost [token]"
    at apiKeyAdminAuth (/var/lib/ghost/versions/6.3.1/core/server/services/auth/api-key/admin.js:58:21)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:284:15
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:346:12)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)
    at /var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:228:13
    at corsOptionsDelegate (/var/lib/ghost/versions/6.3.1/core/server/web/api/middleware/cors.js:73:16)
    at corsMiddleware (/var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:204:7)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:328:13)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:346:12)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)

[2025-10-13 19:04:37] INFO "GET /ghost/" 200 3ms
[2025-10-13 19:04:38] INFO "GET /ghost/assets/vendor-326b46cbc2845d47f1e0af43ba21caec.map" 404 1ms
NotFoundError: Page not found
[2025-10-13 19:04:38] ERROR "GET /ghost/api/admin/users/me/?include=roles" 401 1ms

Authorization header format is "Authorization: Ghost [token]"

Error ID:
    771c3300-a867-11f0-bb9a-c73f172bc704

Error Code: 
    INVALID_AUTH_HEADER

----------------------------------------

UnauthorizedError: Authorization header format is "Authorization: Ghost [token]"
    at apiKeyAdminAuth (/var/lib/ghost/versions/6.3.1/core/server/services/auth/api-key/admin.js:58:21)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:284:15
    at param (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:365:14)
    at param (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:376:14)
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:421:3)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)
    at /var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:228:13
    at corsOptionsDelegate (/var/lib/ghost/versions/6.3.1/core/server/web/api/middleware/cors.js:73:16)
    at corsMiddleware (/var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:204:7)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:328:13)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:286:9

[2025-10-13 19:04:38] INFO "GET /ghost/assets/chunk.397.a720333cfffc99c47e71.map" 404 2ms
NotFoundError: Page not found
[2025-10-13 19:04:38] INFO "GET /ghost/assets/chunk.524.5ac0aa6b2e0374d43fa1.map" 404 2ms
NotFoundError: Page not found
[2025-10-13 19:04:38] INFO "GET /ghost/assets/ghost-f9366c6da848fe7c6c179ce102fdc815.map" 404 2ms
NotFoundError: Page not found
[2025-10-13 19:04:38] ERROR "GET /ghost/api/admin/users/me/?include=roles" 401 2ms

Authorization header format is "Authorization: Ghost [token]"

Error ID:
    77235ef0-a867-11f0-bb9a-c73f172bc704

Error Code: 
    INVALID_AUTH_HEADER

----------------------------------------

UnauthorizedError: Authorization header format is "Authorization: Ghost [token]"
    at apiKeyAdminAuth (/var/lib/ghost/versions/6.3.1/core/server/services/auth/api-key/admin.js:58:21)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:284:15
    at param (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:365:14)
    at param (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:376:14)
    at Function.process_params (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:421:3)
    at next (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:280:10)
    at /var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:228:13
    at corsOptionsDelegate (/var/lib/ghost/versions/6.3.1/core/server/web/api/middleware/cors.js:73:16)
    at corsMiddleware (/var/lib/ghost/versions/6.3.1/node_modules/cors/lib/index.js:204:7)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:328:13)
    at /var/lib/ghost/versions/6.3.1/node_modules/express/lib/router/index.js:286:9

[2025-10-13 19:04:38] INFO "GET /ghost/api/admin/site/" 200 1ms
[2025-10-13 19:04:38] INFO "GET /ghost/api/admin/authentication/setup/" 200 5ms
[2025-10-13 19:04:38] INFO "GET /content/images/2022/08/android-chrome-512x512-1.png" 404 1ms
[2025-10-13 19:04:39] INFO "GET /ghost/assets/admin-x-settings/admin-x-settings.js?v=74f827c663" 200 4ms
[2025-10-13 19:04:40] INFO "GET /ghost/assets/admin-x-settings/admin-x-settings.js.map" 404 2ms
NotFoundError: Page not found
[2025-10-13 19:04:40] INFO "GET /ghost/assets/admin-x-settings/index-CGFCkAXn.mjs" 200 104ms
[2025-10-13 19:04:40] INFO "GET /ghost/assets/admin-x-settings/index-Cg4zMcj4.mjs" 200 8ms
[2025-10-13 19:04:40] INFO "GET /ghost/assets/admin-x-settings/index-CGFCkAXn.mjs.map" 404 1ms
NotFoundError: Page not found
[2025-10-13 19:04:40] INFO "GET /ghost/assets/admin-x-settings/index-Cg4zMcj4.mjs.map" 404 1ms
NotFoundError: Page not found

Code of Conduct

  • I agree to be friendly and polite to people in this repository
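
The pattern in the log above (a 201 on `POST /ghost/api/admin/session` followed at once by 401 `INVALID_AUTH_HEADER` responses on admin API routes) can be picked out of a Ghost log with a short script. This is an added example, not code from the report or from the Ghost project; the function names, the 5-second window and the sample lines are assumptions constructed for illustration.

```javascript
// Constructed sample in the log format shown in the report above.
const SAMPLE_LOG = [
  '[2025-10-13 19:04:37] INFO "POST /ghost/api/admin/session" 201 127ms',
  '[2025-10-13 19:04:37] ERROR "GET /ghost/api/admin/users/me/?include=roles" 401 1ms',
  'Error Code: ',
  '    INVALID_AUTH_HEADER',
  '[2025-10-13 19:04:37] ERROR "GET /ghost/api/admin/config/" 401 1ms',
  'Error Code: ',
  '    INVALID_AUTH_HEADER',
  '[2025-10-13 19:04:38] INFO "GET /ghost/api/admin/site/" 200 1ms',
].join('\n');

const REQUEST_LINE = /^\[(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\] \w+ "([A-Z]+) (\S+)" (\d{3}) \d+ms$/;

// Parse request lines and attach the "Error Code:" value that follows each one.
// Timestamps are read as UTC; only differences between them are used.
function parseGhostLog(text) {
  const entries = [];
  let expectCode = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line) continue;
    const m = REQUEST_LINE.exec(line);
    if (m) {
      entries.push({ time: Date.parse(`${m[1]}T${m[2]}Z`), method: m[3],
        path: m[4], status: Number(m[5]), errorCode: null });
      expectCode = false;
    } else if (expectCode && entries.length) {
      entries[entries.length - 1].errorCode = line;
      expectCode = false;
    } else if (line.startsWith('Error Code:')) { // value is on the next line
      expectCode = true;
    }
  }
  return entries;
}

// Hypothetical triage helper: a 201 session creation followed within windowMs
// by admin API requests rejected with 401 INVALID_AUTH_HEADER.
function findRejectedAfterLogin(entries, windowMs = 5000) {
  const findings = [];
  entries.forEach((login, i) => {
    const isLogin = login.method === 'POST' && login.status === 201 &&
      /^\/ghost\/api\/admin\/session\/?$/.test(login.path);
    if (!isLogin) return;
    const rejected = entries.slice(i + 1).filter((e) =>
      e.time - login.time <= windowMs && e.status === 401 &&
      e.errorCode === 'INVALID_AUTH_HEADER' && e.path.startsWith('/ghost/api/admin/'));
    if (rejected.length) findings.push({ loginAt: login.time, paths: rejected.map((e) => e.path) });
  });
  return findings;
}

console.log(findRejectedAfterLogin(parseGhostLog(SAMPLE_LOG)));
```
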

Labels

self hosting [triage] This is an environment issue rather than a bug