-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login on Firefox not possible due to bogus CORS error #11844
Comments
Riot being a browser app has no control over CORS nor any caches. Browsers keep those controls to themselves |
I know. There is clearly a difference in how Firefox and Chrome go about this, and there might even be a bug in how Firefox does it when restoring a session. But until that is found and fixed (if ever) it will be a good idea to do things a bit differently in Riot to not trigger that Firefox issue. |
What version of Riot? What version of Synapse? |
Synapse has been installed via its Ubuntu 16.04 package:
Riot is launched directly via https://riot.im/app/ . Currently it says:
Actually, here's our Matrix homeserver URL so you can try yourselves: https://matrix.edgeryders.eu:8448 When entering any username that is supposedly hosted on that server, such as I can't see the CORS pre-flight requests in either the Firefox Private Window or normal Firefox window, so I think they are just not shown in the "Network" tab of the Firefox developer tools (?). For reference, I set the CORS headers for
|
Ok, sorry folks. Wrong alarm. It turns out the reason was rather this:
This is easily fixed by manually unblocking the affected domains in Privacy Badger. I am not long enough back on Firefox to know about these subtle differences of how extensions block requests … So, closing now. Hope it helps somebody in the future with the same issue … |
@tanius Thank you a lot! Privacy Badger was always showing "No trackers blocked", so it seemed like it was not taking action on the site. Element was mostly working, just very slow and occasionally it took several retries to join a room, with some not being joinable at all. Upon investigating I noticed the CORS errors in the browser console, but it took me quite a lot of searching to find this, apparently one and only, post in relation to Element Web with the same error. And turns out you are right! Disabling Privacy Badger for the site improved the performance and reliability immediately. Again, thank you, and bummer for Firefox not stating things more clearly in the console. Maybe we should open a bug report with Mozilla? |
Good idea; their error messages should really be more clear in case extensions block a request. Please go ahead and report! I had only reported this behavior to Privacy Badger, but apparently they did not change anything in their block lists so far. There is an option in their interface "Did Privacy Badger break this site? Let us know!" If everyone coming here due to this issue uses that option, we can hope that Privacy Badger devs will react. |
Firefox 72.0 here. We use a custom home server. Login works in Chrome, and also in Firefox when using a Private Window.
But login does not work in Firefox when using a normal window. Then, I get the following error messages in the developer tools console:
However, sometimes later I will be able to log in with Firefox in the normal window (not using "Private Window" mode). It seems to me that some kind of CORS response caching has to expire before that is possible. I can't properly reproduce a successful login, though, as even after a whole night the login error can still persist.
There is certainly no CORS issue as Firefox logins in the Private Window, and also in Chrome, work without any issues using the exact same login data. I rather think that this must be due to some error about restoring the Firefox session.
Finally, this is not the first time we had login issues with Riot / Matrix in our organization. It's really frustrating for people and makes me want to give up on using it further. Just to say, even if a login issue seems to be an edge case I think it's important to really track it down and solve it, because it means "complete failure" for anyone who cannot get past the login screen.
The text was updated successfully, but these errors were encountered: