No helpful errors when attempting to login without email setup #23050

Open
@jrockwar

Issue Summary

After upgrading from ghost:5.117.0-alpine to ghost:5.118.0-alpine, admin login is broken: no cookies are set in the browser, and Ghost logs show 403 errors with "Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication."
Rolling back to ghost:5.117.0-alpine or earlier resolves the issue.

Steps to Reproduce

  1. Deploy Ghost using Docker with the ghost:5.118.0-alpine or ghost:5.118.1-alpine image.
  2. Use a standard nginx reverse proxy (as per this tutorial).
  3. Try to log in to /ghost/#/signin from a new browser or incognito window.
  4. Observe that no cookies are set and login fails with a 403.
  5. Revert Docker with ghost:5.117.0-alpine.
  6. Try to log in to /ghost/#/signin from a new browser or incognito window. Login works successfully.
  7. Redeploy with the ghost:5.118.x-alpine image and try to log in again. Login fails as described in (4).

If using the same browser that did the initial set-up, then the cookie is already set and login can be completed successfully.

Ghost Version

5.118.0 / 5.118.1

Node.js Version

v18.20.8

How did you install Ghost?

docker-alpine in a Hetzner VPS (Arm64 CAX11); via docker compose as per https://community.hetzner.com/tutorials/ghost-cms-on-arm64-debian

Database type

MySQL 8

Browser & OS version

Tested on MacOS Sequoia: Zen (Firefox) / Chromium / Safari; Android 15: Iceraven (Firefox), Chrome

Relevant log / error output

[2025-04-26 21:06:34] ERROR "GET /ghost/api/admin/users/me/?include=roles" 403 6ms

Authorization failed

"Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication."

Error ID:
    55d2b170-22e2-11f0-90d2-31b40eaea8c0

----------------------------------------

NoPermissionError: Authorization failed
    at authorizeAdminApi (/var/lib/ghost/versions/5.118.1/core/server/services/auth/authorize.js:33:25)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/5.118.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/5.118.1/node_modules/express/lib/router/route.js:149:13)
    at authenticate (/var/lib/ghost/versions/5.118.1/core/server/services/auth/session/middleware.js:55:13)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
