Comments (11)
Thank you very much for your report.
- I'm redirected to the default (logged out) home page, but as soon as I click Sign In I'm automatically logged in, no username/password asked
What are your "Login Sources (Authentication Sources)" on the admin panel? Did you deploy Gitea under a sub-path behind reverse proxy?
- A red error message briefly appears at the top of the page, page refresh, I'm logged in again (no username/password form). Stack trace of the error:
I know this problem ... because Gitea reports some JS errors too aggressively, I think we could leave this problem to a new issue (it is not related to the "logout" problem)
from gitea.
For the first problem, could you also provide the browser's network logs? It might be also related to browsers/extensions, I know some browsers (or extensions) click the "login" button automatically for users if the passwords are remembered. If you could see a separate network POST request for signin, then it could be this case.
ps: I can't reproduce it on try.gitea.io ..........
from gitea.
The JS error toast on logout I'm aware of, I think it's most likely harmless and should not hinder actual functionality. Still something we need to fix of course.
from gitea.
I can reproduce locally like half of the times when I logout while being on the frontpage, there is definitely something fishy going on with the logout. The aborted request triggers the JS toast, and then apparently it logs back in again automatically. Maybe something related to OAuth code.
And no, my browser does not automatically click the "login", it only autofills.
from gitea.
The JS initiator for the first GET above seems to be here: gitea/web_src/js/features/notification.js, line 98 in a21ca9b
from gitea.
OK, 100% know the problem now, will propose a fix.
from gitea.
-> Improve logout from worker #30775
from gitea.
What are your "Login Sources (Authentication Sources)" on the admin panel? Did you deploy Gitea under a sub-path behind reverse proxy?
I have 0 authentication sources in Admin Settings, but yes, my Gitea instance is behind a reverse proxy (Apache).
I think 1st problem has something to do with DOMAIN and ROOT_URL mismatch. If I set DOMAIN = mydevice.local and APP_URL = http://mydevice/gitea (without the .local suffix), I can reproduce it sometimes if I open Gitea via http://mydevice/gitea, otherwise it doesn't happen.
My browser doesn't auto-login, it only fills in the username/password info (similar to @silverwind's).
from gitea.
I think 1st problem has something to do with DOMAIN and ROOT_URL mismatch ...
It seems to be also related to having a missing / after the subpath. So given ROOT_URL = http://mydevice.local/gitea/ and a logged in user:
- User opens http://mydevice/gitea/ -> shows user's repositories page
- User opens http://mydevice/gitea -> shows home page
- if user clicks on Sign In, they are redirected to the repositories page
Relevant Apache config:
    <VirtualHost *:80>
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>
        AllowEncodedSlashes NoDecode
        # Note: no trailing slash after either /gitea or port
        ProxyPass /gitea http://localhost:8077 nocanon
    </VirtualHost>
(adapted from https://docs.gitea.com/administration/reverse-proxies)
from gitea.
Adding this rewrite rule solved it for me:
RewriteEngine on
RewriteRule ^/gitea$ /gitea/ [R]
from gitea.
I think 1st problem has something to do with DOMAIN and ROOT_URL mismatch ...
It seems to be also related to having a missing /
I think it is a new problem, when there are sub paths, the cookie handling sometimes is tricky. Could you reproduce it in a browser's Private Window (without existing cookie)?
ps: for the real 1st problem (occasionally unable to log out & JS error), I am pretty sure it could be fixed by #30775, the real problem behind it is the "logout handler" sends 2 responses, one is for worker, one is for current page, the worker code conflicts with the cookie handling.
from gitea.
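Added example, not part of the thread and not Gitea code: the sub-path behaviour discussed above is consistent with the cookie path-match rule in RFC 6265 section 5.1.4, which this sketch implements to show which request paths receive a session cookie. The cookie name `session` and both `Path` values are assumptions; the thread does not state how the cookie is actually scoped.

```javascript
// Path-match rule from RFC 6265 section 5.1.4: decides whether a cookie
// scoped to cookiePath is attached to a request for requestPath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends at a "/" boundary.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Names of the cookies in `jar` that a browser would send for requestPath.
function cookiesSent(jar, requestPath) {
  return jar.filter((c) => pathMatches(requestPath, c.path)).map((c) => c.name);
}

// Constructed sample data: the cookie name and the request paths are
// assumptions for illustration, modelled on the /gitea sub-path above.
const REQUEST_PATHS = ['/gitea', '/gitea/', '/gitea/user/login', '/gitea2/'];

// For one cookie scope, map each request path to "is the session cookie sent?".
function report(cookiePath) {
  const jar = [{ name: 'session', path: cookiePath }];
  const result = {};
  for (const p of REQUEST_PATHS) {
    result[p] = cookiesSent(jar, p).includes('session');
  }
  return result;
}

// Compare a cookie scoped with and without the trailing slash.
for (const scope of ['/gitea/', '/gitea']) {
  console.log(`Path=${scope}`, report(scope));
}
```

Under the assumed `Path=/gitea/` scope, a request for `/gitea` carries no session cookie while `/gitea/` does, which is the split between home page and repositories page reported above. To check a real deployment, compare the `Path` attribute of the `Set-Cookie` header in the browser's network log against the URL being opened.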