Closed masterwishx closed 7 months ago
I have the same issue also on Firefox. New install, I'm unable to register.
I used composer not docker but I'm unable to use this app. Never let me register because after insert all my data CSF token error is showed as in this discussion screenshots
I have the same issue also on Firefox. New install, I'm unable to register.
I used composer not docker but I'm unable to use this app. Never let me register because after insert all my data CSF token error is showed as in this discussion screenshots
Try to open incognito page in chrome or firefox ,its working for me in chrome , also you can try to clear cookie and cache maybe ...
i hope @Bubka can fix this soon
For me nothing work. I'm unable also to use the demo https://demo.2fauth.app/register
I lost many time on try to install this on my server and now I'm discovered I just miss to try to register in the demo. Every browser I try, even in incognito I'm unable to register. I tried to install on my server also the previous version of December 2023 but is the same.
I need leave for now. I cannot use :(
I'm able to login in the demo but I'm unable to register:
Sorry for that, but I'm sure it can be fixed. Regarding the demo, it is the expected behavior.
How did you configure the APP_URL
and ASSET_URL
vars in your env file? They should reflect your instance url.
Also, in addition to cookie clearing, please run those command in a terminal:
php artisan cache:clear
php artisan config:clear
php artisan view:clear
@Bubka I'm trying again to install but is a very strange process.
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(.*)$ /public/$1 [L,QSA]
composer install --prefer-dist --no-scripts --no-dev
php artisan 2fauth:install
choosing mysqlNothing still unable also with that three SSH command. I get
And in developer console:
Why did you change the htaccess definition? There is no need to edit this file. Pointing to the public
directory has to be set in your web server configuration. What server are you using?
Why did you change the htaccess definition? There is no need to edit this file. Pointing to the
public
directory has to be set in your web server configuration. What server are you using?
Plesk Apache and PHP
I see there is a cookie error in developer console.
Is safe share my installation URL here or can I share in private?
Please rollback the .access definition to default and post your apache conf here (with redacted host address)
Please rollback the .access definition to default and post your apache conf here (with redacted host address)
The .htaccess has created by me and is in the domain root and point to the public folder. In this case I'm able to load the interface, if I delete it the interface will not load.
I cannot edit the Apache config, is a Plesk Panel. I don't know how to edit, other domains are running on it :S
UPDATE:
You may have cookie issues. My server had the following directive:
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Removing this your app work. I dont know if you can have a weakness in cookies.
php artisan cache:clear php artisan config:clear php artisan view:clear
After this i have server error , but then after reboot container working again , but still same issue , cleared cookies also ...
Please rollback the .access definition to default and post your apache conf here (with redacted host address)
The .htaccess has created by me and is in the domain root and point to the public folder. In this case I'm able to load the interface, if I delete it the interface will not load.
I cannot edit the Apache config, is a Plesk Panel. I don't know how to edit, other domains are running on it :S
UPDATE:
You may have cookie issues. My server had the following directive:
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Removing this your app work. I dont know if you can have a weakness in cookies.
Again, there is no need to add a custom .htaccess in the root folder. 2FAuth has its own .htaccess in the public
folder. You need to configure plesk to point to the public
folder in the host setup.
APP_URL and ASSET_URL is http://192.168.0.199:8000 in Unraid env in docker :
The issue was caused by this:
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
My server is configured to accept http and secure cookie only. Removing this security directive your app is working.
I'm asking why.. this directive must be removed. Now is working and I also set plesk to point to the public folder but with the cookie rule above wont work
@Bubka also have this in log :
but i have app_key :
Found strange behavior, when CSRF token error after page refresh one time entered to program.... In Firefox still no problems. But using mostly chrome for now
@masterwishx please run php artisan config:cache
php artisan config:cache
not sure whats going on but now its working fine , also runned php artisan config:cache
:
i will try to enter for some days , if will be OK i will close issue if you dont mind ...
today again issue in chrome
php artisan config:cache
php artisan config:cache
not helping
You're talking about the CSRF issue, right? what device are you on? desktop, mobile? If mobile, did you add the app to your home-screen?
You're talking about the CSRF issue, right? what device are you on? desktop, mobile? If mobile, did you add the app to your home-screen?
desktop win 11 chrome
Using latest app in docker in Unraid
You're talking about the CSRF issue, right? what device are you on? desktop, mobile? If mobile, did you add the app to your home-screen?
The strange thing , that no problem on firefox also no issue when open incognito page in chrome
Yep, Chrome behaves strangely. CSRF token is pushed to the server with a cookie on each request. On top of that, 2FAuth has a refresh mecanism to prevent such a situation (the call to /refresh-csrf
between the two failed requests to /login
) so even if the first login attempt fails with a 419 code, the second is made with a band new csrf cookie so it shouldn't fail.
Do you have any cookie rule/restriction/policy applied?
Do you have any cookie rule/restriction/policy applied?
not sure , i wasnt had problems in 2fAuth versions befor with chrome ....
standart security if you mean this :
@Bubka it seems the issue is fixed with latest update , i will close the issue for now ... if will have the problem again i will post here ...
Version
lasted
Details & Steps to reproduce
Using docker in Unraid Using in Chrome some time get this issue some time no issue , in Firefox all fine also when open Chrome incognito
Expectation
..
Error & Logs
Execution environment
...
Containerization
Additional information