stackblitz[bot]
commented
1 year ago 
Start a new pull request in StackBlitz Codeflow.
Open MadBloris opened 1 year ago
stackblitz[bot]
commented
1 year ago Start a new pull request in StackBlitz Codeflow.
alexgleason
commented
1 year ago I'm having roughly the same problem, and it's because the origin isn't URI encoded.
When my application redirects here, it produces a 404: https://elk.zone/api/ditto.pub/oauth/https://elk.zone?code=xxx
When I go here instead, it works: https://elk.zone/api/ditto.pub/oauth/https%3A%2F%2Felk.zone?code=xxx
You can actually edit the URL manually and resubmit it. It will log you in.
I'm not sure this is something I can solve on my end since the redirect_uri is coming from Elk. I think Elk should just be able to handle the unencoded URI, or at least encode the redirect_uri value before giving it to the application. EDIT: It's actually me who is decoding it, but :facepalm: I'm doing that because other clients do send the full redirect_uri encoded, so I need to decode it.
Also it's because routing is handled by filesystem paths like [origin], but the origin itself is a URL with slashes in it: https://github.com/elk-zone/elk/blob/main/server/api/%5Bserver%5D/oauth/%5Borigin%5D.ts
EDIT: I fixed my problem like this:
function maybeDecodeUri(uri: string): string {
try {
new URL(uri);
return uri;
} catch (_e) {
return decodeURIComponent(uri);
}
}
hjhornbeck
commented
1 year ago Just wanted to chime in that I've encountered the same error. I'd prefer to use Docker containers to host elk on my server, so this is a major obstacle at the moment.
alexgleason
commented
1 year ago @hjhornbeck Can you confirm if it's because of slashes in the URL, or?
hjhornbeck
commented
1 year ago It is, though I'm not quite seeing the same thing you are. The URL that's being requested is:
https://[host.domain]/api/[target.domain]/oauth/https://[host.domain]?code=[API code]
But the JSON file returned with the 404 says this URL was being requested instead, via the "url" field:
/api/[target.domain]/oauth/https:/[host.domain]?code=[API code]
One of the forward slashes is being stripped away, which presumably is causing the issue. If I switch to URL encoding (ie. %3A%2F%2F), a slash is still stripped away. If I add a third slash, two slashes are stripped away. Adding a URL-encoded backslash before the two forward slashes leads to the delightful "https:\/" in the "url" field. All of which lead to a 404, of course.
I popped your solution into line six, and it made no difference. I don't have a lot of experience with Javascript, let alone this style of Typescript, so there's a strong chance I did it wrong. I'll also start walking back through the release tags to see if I can narrow down when this bug was introduced, though I see the file you pointed to has been unchanged for three months.
eliastorres
commented
1 year ago When using Apache mod_proxy you can use "mapping=encoded" at the end of the ProxyPass parameter, for example
ProxyPass / http://10.1.2.3:5314/ retry=0 mapping=encoded
I don't know if this is needed on the whole / or just in specific paths.
Hiya. I am getting a 404 when trying to login. I get passed through to the authentication page, click allow and then it errors with this message.
I've tried via docker, running with nr, and on a second machine (albeit on the same local network)
Any ideas?
nginx conf