search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.68k stars 511 forks source link

"Invalid origin in HTTP request" after upgrade from 1.1.16 to 1.1.24 #6128

Closed AndersMogensenMJBR closed 1 month ago

AndersMogensenMJBR commented 1 month ago

Describe the bug When I login on the MeshCentral login page, I recieve this error: Invalid origin in HTTP request, klik for at genoprette forbindelsen.

To Reproduce 1: Update Meshcentral from 1.1.16 to 1.1.24 from the MeshCentral web page. 2: Configure config.json with: "allowedOrigin": true 3: Restart the Meshcentral service. 4: Login on the MeshCentral web page

Expected behavior A login without error.

Server Software (please complete the following information):

Client Device (please complete the following information):

Additional context I tried login from the server as well with localhost in the browser. I also tried using this setting: "allowedOrigin": [ "my.domain.com", "second.domain.com" ]

Your config.json file { "settings": { "cert": "MeshCentral.mjbrvc.dk", "_minify": true, "clickonce": true, "syslog": true, "syslogtcp": "xxxxxxxxx:514", "webrtc": true, "localdiscovery": { "name": "Meshcentral", "info": "MJBR fjernstyringsportal" } }, "domains": { "": { "title": "MJBR fjernstyringsportal", "allowedOrigin": true } }, "smtp": { "host": "xxxxxxx.mjbrvc.dk", "port": xxxxx, "from": "xxxxxxxx@mjbrvc.dk", "user": "xxxxxxxxx", "pass": "xxxxxxxxx", "tls": false } }

si458 commented 1 month ago

Duplicate of issue here https://github.com/Ylianst/MeshCentral/issues/5826 Fix is here https://github.com/Ylianst/MeshCentral/issues/5826#issuecomment-1951914601

AndersMogensenMJBR commented 1 month ago

But I followed the fix fix in #5826 and that did not work...

si458 commented 1 month ago

Sorry I quick read but totally misread at the same time! Strange one? How do u access the web ui? Is it via the domain MeshCentral.mjbrvc.dk ?

si458 commented 1 month ago

Also the is no value in the config.json called clickonce so try removing that and restarting

AndersMogensenMJBR commented 1 month ago

Hi Simon I normally access it via MeshCentral.mjbrvc.dk, but the problem is also when connecting with IP. I deleted the clickonce (it was the setting "Support Microsoft ClickOnce" from the installer), but the problem still exist.

si458 commented 1 month ago

The idea of the allowedorigin is to check the url u are using is the same as what's in meshcentral as the was a security bug found the other month Hence why u need to set it for example if u use reverse proxies But generally setting it to true should work? I'll have to investigate it for u when I have chance and work out what's happening? I'm guessing ur using a reverse proxy? As u don't have the letsencrypt section set?

AndersMogensenMJBR commented 1 month ago

I do not use reverse proxy, is just connecting directly with the local network. It's a test setup, so no "real" certificat". We are evaluating MeshCentral because we are tires of Teamviewer...

AndersMogensenMJBR commented 1 month ago

The issue was gone after I restarted the server after a Windows update, thanks for your help :-)

si458 commented 1 month ago

Gotta love windows and there updates!