proxy auth broken again #1028
Comments
|
Do you happen to remember what the mat version was that you ran? And now you're on 0.9? I don't think anything has changed here for a very long time. |
|
I am currently using 0.9.0, and i was previously on 0.7.6 (IIRC). I have to say that the issue seems to be present only on mobile browsers (tested latest Firefox on Android). Both Chrome and Firefox on Linux instead do a single page reload and then the auth popup is displayed. |
|
Same issue on MacOS & iOS using Safari or in PWA. Also Firefox on MacOS shows the issue. I was able to interrupt the endless reload loop and capture some information from the browser's console. Hope that helps. I am running 0.9.0 as well. |
|
Ok, pushed some tweaks to |
|
I have just tried build 0.9.2 and i can report that now not even Firefox on linux works, the page just keep reloading forever. what's annoying is that i can see the entire content of the page even before the authentication (but this might be cached in the browser). I need to test edge but unclear how to do it |
|
The website now keeps popping up "You are not authenticated, going to reload and hope that that kicks off authentication" forever. Tried on Chrome and Firefox for Linux. This is from firefox javascript console while stopped at popup: This is all i get in my NGINX logs (error log is empty) when i click on the popup button: to complete the picture, here is my NGINX configuration for Silverbullet: (only relevant parts, some lines omitted like Let's Encrypt lines and such) (edit: edited to reflect new discoveries) |
|
The question is: what should SilverBullet do when it starts to get 401s? The assumption is a redirect is in place to send the user to a login page, but if that's not there... what should it do? |
|
I have no idea, usually any web page i use that require a login does get the login, when using the Proxy Auth, the browser automatically pops up the login form before even showing anything. For some reason, which i don't know, when the web page contains Silverbuller there is no login popup., whatever SB is doing, is preventing the browser from showing that popup. |
|
Does Silverbullet support any kind of auth otherwise? I need auth because i host on a public subdomain, but i don't need to use Proxy Auth is there is another option. |
|
Ok, better than being unable to use it, but still I hope the proxy auth can be fixed! |
I'm setting up Silverbullet behind Cloudflare Access. It's easy to setup, and works as expected most of the time right now. |
|
Sorry, not using cloudflare at all, and there is no reason to. Proxy Auth works fine for all services, except SB at the moment. Would be possible to totally disable any managing of auth or 401 errors within SB and see if that fix it? Maybe with a command line option? |
|
I think something is really broken with SB authentication. I have done some more experimenting trying to connect SB with my authelia instance. If i login with authelia, then open the SB subdomain, SB will work just fine. If i logout from authelia then try to open SB subdomain, the expected behaviour is that the browser opens the authelia login page ( login.mydomain.com) which, in turn, will redirect to SB subdomain (notes.mydomain.com). This is configured in the reverse proxy and just works for the other subdomains i am using it on. Instead, the SB page will reload indefinitely saying it's offline and cannot access. This is an extract of the firefox console log: There is also that CORS error (Errore nella mappatura delle origini), which baffles me because there is no reason for it at all to be there, everything is on the same domain. And the last worrying bit is that i can see the content of the page even if i am not authenticated. |
|
Just pushed some more changes to try to address this. If you could try this on edge again that'd be great. |
|
Had to revert the change. Broke other stuff. |
|
For another stupid web page I have, I just added a JavaScript reload line on any ajax failed promise, and that works, but SB it's much more complex. |
|
Clearing the cache on the client browser fixes this. Following this, forcing a cache clear also fixes this:
if (result.status === 401 || result.status === 403) {
alert(
"You are not authenticated, going to reload and try to clear the cache, hopefully that kicks off authentication"
);
try {
const cacheNames = await caches.keys();
await Promise.all(cacheNames.map((name) => caches.delete(name)));
} catch (err) {
console.error("Failed to clear cache:", err);
}
location.reload();
throw new Error("Not authenticated, got 401");
}But I have no idea if this is an appropriate thing to do here, or would have downstream consequences. Hope this helps though. |
|
Right, I was thinking of solving it similarly not with caches but by unregistering the service worker when an auth problem happens. Doing that and reloading should also solve this issue. |
My website is broken again using proxy auth on subdomain.
All i get is a permanent page reload and no browser authentication popup from silberbullet
I have just upgraded from ad old, but working, build to latest release on github.
Its a regression, sorry ;)
Previously it was this ticket: #804
And it was fixed.
Some more context:
Currently I am forced to stop using sb at least while outside home, where the proxy auth is not used.
The text was updated successfully, but these errors were encountered: