SolidOS / solidos

The operating system for Solid
https://solidos.solidcommunity.net/
MIT License

Outline.expand error, Fetcher: <https://solidweb.org/profile/card> status: 403 #178

Closed chunt007 closed 2 years ago

chunt007 commented 2 years ago

This error occurs when you are simply going to the Solid Profile Card by default with no user logged in. Even if the browser is completely clear and anything cached is erased, it still appears.


jeff-zucker commented 2 years ago

It says it is trying to open <https://solidweb.org/profile/card> which is not your WebID - there's no username.

jeff-zucker commented 2 years ago

So that means that the "oops couldn't find out who you are" was exactly the right response.

jeff-zucker commented 2 years ago

The reason the 401 error is shown is that the public does not have read access to the server root, only on specific files like index.html. There is, AFAIK, no such container as https://soldiweb.org/profile/ (@ewingson, can you confirm?). You might think that you would get a 404, but it is a general security practice to not show 404s in protected containers - if you don't have the right to read the container, you don't have the right to know if a particular resource is contained in it or not, so you don't see the 404.

chunt007 commented 2 years ago

You just worded what I suspected @jeff-zucker. This outline.expand error also appears in two of my broken pod accounts. I was going to say that 404s are handled differently on other sites. They usually don't show scripting exceptions.

jeff-zucker commented 2 years ago

Yeah, I'm not sure exactly which servers implement the no-404 policy.

jeff-zucker commented 2 years ago

Outline-expand errors can be caused by many things, not just this. Some are justified, some may be bugs.

ewingson commented 2 years ago

I can confirm there is no https://solidweb.org/profile container that I am aware of without the username as subdomain. However, trying to access this URI per browser gives a 401 not logged in and a 403 logged in.

jeff-zucker commented 2 years ago

@ewingson - that's exactly what I'd expect - the 401/403 trumps 404 and should be displayed instead so as to not divulge information about what the protected server root contains.
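
The status-code precedence discussed in the comments above, sketched as an added example that is not part of the original thread and is not SolidOS or Solid server code. The store, the ACL table, the WebIDs and every function name are hypothetical and constructed for illustration; the point is that the read check runs before the existence check.

```javascript
// Constructed sample data: a server root readable only by its owner,
// with public read granted on one specific file (as described in the thread).
const OWNER = 'https://alice.example/profile/card#me'; // hypothetical WebID
const store = new Set(['/', '/index.html', '/private.ttl']);
const acl = {
  '/': { read: [OWNER] },         // container: no public read
  '/index.html': { read: ['*'] }, // specific file: public read
};

// Nearest ACL wins: the resource's own entry, else the closest ancestor's.
function effectiveAcl(path) {
  let p = path;
  while (true) {
    if (acl[p]) return acl[p];
    if (p === '/') return { read: [] }; // nothing found: deny by default
    p = p.replace(/[^/]+\/?$/, '') || '/'; // step up to the parent container
  }
}

// agent is a WebID string, or null when nobody is logged in.
function canRead(agent, path) {
  const readers = effectiveAcl(path).read;
  return readers.includes('*') || (agent !== null && readers.includes(agent));
}

// Authorization is decided before existence is consulted, so a caller
// without read access gets the same status whether or not the resource
// exists: 401 when anonymous, 403 when logged in but not permitted.
function statusFor(agent, path) {
  if (!canRead(agent, path)) return agent === null ? 401 : 403;
  return store.has(path) ? 200 : 404;
}

// Convenience for the reader: statuses for a missing and an existing
// resource in the protected root, as seen by one agent.
function probe(agent) {
  return [statusFor(agent, '/profile/card'), statusFor(agent, '/private.ttl')];
}
```

Only an agent with read access on the container ever sees a 404; everyone else gets identical responses for missing and existing resources.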

timea-solid commented 2 years ago

This was occurring because the profile got to be very very big and could not load. This is related to another bug - duplicate entries of trustedApps. https://github.com/SolidOS/solid-ui/issues/473