You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Signin page shows error 400 when hosted on a non-standard port.
Steps to reproduce
Steps to reproduce the behavior:
Install binary release, disable built-in tls
Configure nginx to listen on ports other than 443 and proxy to ocis
Open the webpage in browser (ideally in chrome)
Expected behavior
There should be no error.
Actual behavior
Cannot log in.
Setup
Irrelevant
Additional context
Corresponding error log:
WRN rejecting identifier HTTP request error="origin does not match request URL" host=own.poscat.moe line=github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50 origin=https://own.poscat.moe:8443 referer=https://own.poscat.moe:8443/signin/v1/identifier?client_id=web&code_challenge=A9SqOyxCR6XuhoUoGTtc7pjcFmpcn1CD_dDg1qXqtMM&code_challenge_method=S256&flow=oidc&redirect_uri=https%3A%2F%2Fown.poscat.moe%3A8443%2Foidc-callback.html&response_mode=query&response_type=code&scope=openid+profile+email&state=8231e81eaa774580b7d2506c4d9caa0a service=idp user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/118.0.2088.61"
I'm fairly sure this is cause by net/url's Parse returning host:port in its Host field, which causes this condition to fail.
If you remove the :8443 from the origin and referer header in the curl command the response code will actually be 200.
The text was updated successfully, but these errors were encountered:
Reverse proxy config is always considered "outside" of ocis. But good to know. The ocis built in IdP has a check for the domain match. It can only be run exactly on the same domain.
For other setups I recommend to use keycloak like in the the deployment examples.
Describe the bug
Signin page shows error 400 when hosted on a non-standard port.
Steps to reproduce
Steps to reproduce the behavior:
Expected behavior
There should be no error.
Actual behavior
Cannot log in.
Setup
Irrelevant
Additional context
Corresponding error log:
request (copy as curl):
I'm fairly sure this is cause by
net/url
'sParse
returninghost:port
in itsHost
field, which causes this condition to fail.If you remove the
:8443
from theorigin
andreferer
header in the curl command the response code will actually be 200.The text was updated successfully, but these errors were encountered: