Open scott-amgen opened 1 year ago
Hi @scott-amgen thanks for your bug report!
Unfortunately I am unable to reproduce this issue, neither on my prod nor on my dev instance. Can you provide me the the steps to reproduce it on a fresh installation?
When users attempt to visit the site while not logged in: EXAMPLE.COM/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday#?period=day&date=yesterday&category=Dashboard_Dashboard&subcategory=1
This is what I see when trying to access a protected page:
@dominik-th Happy holidays! Thanks for the quick response in testing, much appreciated!
These are the steps I used:
curl git ca-certificates lsb-release ubuntu-keyring unzip python3
by package managercd ~ && curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh
Here's a simplified version of the Ansible tasks that I used, and the configs related to LoginOIDC plugin. https://gist.github.com/scott-amgen/4ee4d921cb757c86b2f14d4c9c2f13f2
@dominik-th Regarding your test, was it done on Docker as well? Or was it directly on the web server?
The image I used is from official https://hub.docker.com/_/matomo/tags: docker pull matomo:4.12.3
On latest Matomo 4.12.3 official docker image and latest LogicOIDC v4.1.2
When users attempt to visit the site while not logged in: EXAMPLE.COM/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday#?period=day&date=yesterday&category=Dashboard_Dashboard&subcategory=1
They will be greeted with a 403 page.
If a user IS logged in, then they will arrive at the page successfully.
I've confirmed that this only happens when the plugin LoginOIDC is enabled. When the plugin is disabled, the usual login prompt is shown: