-
-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using 307 redirect causes "Invalid Security Token" error upon login #743
Comments
And yes, the problem does go away if I select "301" on the configuration panel. Haven't tested 303. |
Where is this redirect happening? redirecting to the login page? or during login? |
Sorry, that description was overly complex.
|
Question is how you and where are setting the 307 redirect? |
Yah, seems 307 is not a good option. I'll add 302 and 304 and remove 307. 301-304 work fine. |
Sounds good. Thanks! |
Just for reference, i was using a reverse proxy in front of grav in a docker. Admin was either giving me a "invalid token" or it redirected me to "http://unknown:8080/admin" after i changed that setting to 304 the problem seems the be fixed for me. 301 does not work. |
The default in the next release is |
Tried 302, didn't seems to work in my particular setup. With 304 it does work, but strangely enough i have to press enter twice on the login menu and i see "invalid token" when i'am logged into admin, but all works fine. If it works, it works ;p |
Hello,
Using 307 redirect (client Mozilla Firefox 45.2) causes the "Invalid Security Token" error notification upon first login after a logout, which goes away with a refresh.
If I refresh using F5 and select "Resend" (using the login form POST) the notification remains. If I "enter" on the URL so that a GET is used instead, then the error notification goes away.
Thanks.
The text was updated successfully, but these errors were encountered: