macOS' and iOS' Safari images stop loading and users are logged out

[saegl5]

Description

Ever since Gitea Version 1.19.0, I have frequently encountered an issue with images: They stop loading, and then users are immediately logged/"kicked" out. Error code 404: "The page you are trying to reach either does not exist or you are not authorized to view it."

Clearing web browser history temporarily fixes the issue, for perhaps one minute. This issue only occurs in Safari (desktop and mobile), neither Chrome, nor Firefox, nor DuckDuckGo. Also, this issue only occurs in my Gitea instance, no other websites.

Other observations: The file type doesn't matter (e.g., JPEG and GIF). I also attempted disabling the development menu, using a different MacBook, using safe mode, emptying Safari's caches, using the private window, using a different account (e.g., admin and dummy user), disabling Private Relay, disabling plug-ins, disabling privacy features (e.g., preventing cross-site tracking), changing the DNS to CloudFlare's, restarting my internet router, trying Safari Technology Preview, removing content blockers, and disabling iCloud's Safari sync.

I tried to reproduce the bug on the Gitea demo site, but the site won't allow me to even log in. Error code 500. (Can log in, now.)

Might the way in which Gitea interacts with Safari, in regards to cookie behavior, have changed? Perhaps?

Debug log:

2023/04/17 05:13:40 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:13:40 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:13:40 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:13:40 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:13:40 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:13:40 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:37:11 ...les/cache/context.go:62:GetContextData() [W] [643cdb07-2] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:37:11 ...les/cache/context.go:71:SetContextData() [W] [643cdb07-2] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:37:11 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:37:11 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:13 ...les/cache/context.go:62:GetContextData() [W] [643cdb81-4] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:13 ...les/cache/context.go:71:SetContextData() [W] [643cdb81-4] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:13 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:13 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:54 ...les/cache/context.go:62:GetContextData() [W] [643cdbaa-10] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:54 ...les/cache/context.go:71:SetContextData() [W] [643cdbaa-10] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:54 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:39:54 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:40:32 ...les/cache/context.go:62:GetContextData() [W] [643cdbd0-9] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:40:32 ...les/cache/context.go:71:SetContextData() [W] [643cdbd0-9] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:40:32 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:40:32 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:44:20 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:44:20 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:44:20 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:44:20 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:44:20 ...les/cache/context.go:62:GetContextData() [W] cannot get cache context when getting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 05:44:20 ...les/cache/context.go:71:SetContextData() [W] cannot get cache context when setting data: &{context.Background.WithCancel.WithCancel.WithValue(type pprof.labelContextKey, val {"graceful-lifecycle":"with-hammer"}) 0xc002b1b180 false}
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-2] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-2] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-2] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-3] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-7] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-3] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-3] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-7] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...ules/context/repo.go:842:func1() [E] [643da16b-7] FindRenamedBranch%!(EXTRA *log.ColoredValue=context canceled)
2023/04/17 19:43:40 ...web/repo/download.go:102:getBlobForEntry() [E] [643da16b-6] GetCommitsInfo: signal: killed
2023/04/17 21:46:03 ...eful/manager_unix.go:149:handleSignals() [W] [643a4c39] PID 394. Received SIGTERM. Shutting down...
2023/04/17 21:46:03 cmd/web.go:271:listen() [I] [643a4c3b] HTTP Listener: 0.0.0.0:3000 Closed
2023/04/17 21:46:03 ...eful/server_hooks.go:46:doShutdown() [I] [643a4c3b] PID: 394 Listener ([::]:3000) closed.
2023/04/17 21:46:03 .../graceful/manager.go:205:doHammerTime() [W] Setting Hammer condition
2023/04/17 21:46:04 .../graceful/manager.go:224:doTerminate() [W] Terminating
2023/04/17 21:46:04 ...er/issues/indexer.go:201:2() [I] PID: 394 Issue Indexer closed
2023/04/17 21:46:04 cmd/web.go:183:runWeb() [I] PID: 394 Gitea Web Finished
2023/04/17 21:46:56 ...dules/setting/log.go:331:initLogFrom() [I] Gitea Log Mode: File(File:debug)
2023/04/17 21:46:56 ...dules/setting/log.go:337:initLogFrom() [I] According to the configuration, subsequent logs will not be printed to the console
2023/04/17 21:46:56 ...dules/setting/log.go:286:generateNamedLogger() [I] Router Log: Console(console:debug)
2023/04/17 21:46:56 ...les/setting/cache.go:75:loadCacheFrom() [I] Cache Service Enabled
2023/04/17 21:46:56 ...les/setting/cache.go:90:loadCacheFrom() [I] Last Commit Cache Service Enabled
2023/04/17 21:46:56 ...s/setting/session.go:74:loadSessionFrom() [I] Session Service Enabled
2023/04/17 21:46:56 ...g/config_provider.go:30:deprecatedSetting() [E] Deprecated fallback `[mailer]` `HOST` present. Use `[mailer]` `SMTP_ADDR` instead. This fallback will be/has been removed in v1.19.0
2023/04/17 21:46:57 ...es/setting/mailer.go:236:loadMailerFrom() [I] Mail Service Enabled
2023/04/17 21:46:57 ...es/setting/mailer.go:258:loadNotifyMailFrom() [I] Notify Mail Service Enabled
2023/04/17 21:46:57 ...s/storage/storage.go:175:initAttachments() [I] Initialising Attachment storage with type: 
2023/04/17 21:46:57 ...les/storage/local.go:45:NewLocalStorage() [I] Creating new Local Storage at /var/lib/gitea/data/attachments
2023/04/17 21:46:57 ...s/storage/storage.go:165:initAvatars() [I] Initialising Avatar storage with type: 
2023/04/17 21:46:57 ...les/storage/local.go:45:NewLocalStorage() [I] Creating new Local Storage at /var/lib/gitea/data/avatars
2023/04/17 21:46:57 ...s/storage/storage.go:191:initRepoAvatars() [I] Initialising Repository Avatar storage with type: 
2023/04/17 21:46:57 ...les/storage/local.go:45:NewLocalStorage() [I] Creating new Local Storage at /var/lib/gitea/data/repo-avatars
2023/04/17 21:46:57 ...s/storage/storage.go:185:initLFS() [I] Initialising LFS storage with type: 
2023/04/17 21:46:57 ...les/storage/local.go:45:NewLocalStorage() [I] Creating new Local Storage at /var/lib/gitea/data/lfs
2023/04/17 21:46:57 ...s/storage/storage.go:197:initRepoArchives() [I] Initialising Repository Archive storage with type: 
2023/04/17 21:46:57 ...les/storage/local.go:45:NewLocalStorage() [I] Creating new Local Storage at /var/lib/gitea/data/repo-archive
2023/04/17 21:46:57 ...s/storage/storage.go:207:initPackages() [I] Initialising Packages storage with type: 
2023/04/17 21:46:57 ...les/storage/local.go:45:NewLocalStorage() [I] Creating new Local Storage at /var/lib/gitea/data/packages
2023/04/17 21:46:57 ...ueue_disk_channel.go:159:Run() [D] [643dbe51] PersistableChannelQueue: mail Starting
2023/04/17 21:46:57 ...ueue_disk_channel.go:196:Run() [D] [643dbe51] PersistableChannelQueue: mail Skipping running the empty level queue
2023/04/17 21:46:57 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe51] level: mail-level Shutdown
2023/04/17 21:46:57 ...ueue_disk_channel.go:159:Run() [D] [643dbe51-3] PersistableChannelQueue: notification-service Starting
2023/04/17 21:46:57 ...ueue_disk_channel.go:196:Run() [D] [643dbe51-3] PersistableChannelQueue: notification-service Skipping running the empty level queue
2023/04/17 21:46:57 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe51-3] level: notification-service-level Shutdown
2023/04/17 21:46:57 ...ueue_disk_channel.go:188:Run() [D] [643dbe51-5] PersistableChannelUniqueQueue: repo-archive Starting
2023/04/17 21:46:57 ...ueue_disk_channel.go:234:Run() [D] [643dbe51-5] PersistableChannelUniqueQueue: repo-archive Skipping running the empty level queue
2023/04/17 21:46:57 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe51-5] unique-level: repo-archive-level Shutdown
2023/04/17 21:46:57 routers/init.go:143:GlobalInitInstalled() [I] SQLite3 support is enabled
2023/04/17 21:46:57 routers/common/db.go:21:InitDBEngine() [I] Beginning ORM engine initialization.
2023/04/17 21:46:57 routers/common/db.go:28:InitDBEngine() [I] ORM engine initialization attempt #1/10...
2023/04/17 21:46:57 cmd/web.go:163:runWeb() [I] PING DATABASE sqlite3
2023/04/17 21:46:58 routers/init.go:148:GlobalInitInstalled() [W] Table system_setting Column version db default is , struct default is 1
2023/04/17 21:46:58 routers/init.go:148:GlobalInitInstalled() [W] Table project Column card_type db default is 0, struct default is 
2023/04/17 21:46:58 routers/init.go:148:GlobalInitInstalled() [W] Table project Column card_type db nullable is false, struct nullable is true
2023/04/17 21:46:58 routers/init.go:148:GlobalInitInstalled() [W] Table hook_task has column repo_id but struct has not related field
2023/04/17 21:46:58 routers/init.go:149:GlobalInitInstalled() [I] ORM engine initialization successful!
2023/04/17 21:46:58 ...ueue_disk_channel.go:159:Run() [D] [643dbe52] PersistableChannelQueue: push_update Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:196:Run() [D] [643dbe52] PersistableChannelQueue: push_update Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52] level: push_update-level Shutdown
2023/04/17 21:46:58 ...er/issues/indexer.go:173:func2() [I] [643dbe52-3] PID 382: Initializing Issue Indexer: bleve
2023/04/17 21:46:58 ...ueue_disk_channel.go:188:Run() [D] [643dbe52-5] PersistableChannelUniqueQueue: repo_stats_update Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:234:Run() [D] [643dbe52-5] PersistableChannelUniqueQueue: repo_stats_update Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52-5] unique-level: repo_stats_update-level Shutdown
2023/04/17 21:46:58 ...ueue_disk_channel.go:188:Run() [D] [643dbe52-7] PersistableChannelUniqueQueue: mirror Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:234:Run() [D] [643dbe52-7] PersistableChannelUniqueQueue: mirror Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52-7] unique-level: mirror-level Shutdown
2023/04/17 21:46:58 ...xer/stats/indexer.go:38:populateRepoIndexer() [I] Populating the repo stats indexer with existing repositories
2023/04/17 21:46:58 ...ueue_disk_channel.go:188:Run() [D] [643dbe52-9] PersistableChannelUniqueQueue: webhook_sender Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:234:Run() [D] [643dbe52-9] PersistableChannelUniqueQueue: webhook_sender Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52-9] unique-level: webhook_sender-level Shutdown
2023/04/17 21:46:58 ...ueue_disk_channel.go:188:Run() [D] [643dbe52-11] PersistableChannelUniqueQueue: pr_patch_checker Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:234:Run() [D] [643dbe52-11] PersistableChannelUniqueQueue: pr_patch_checker Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52-11] unique-level: pr_patch_checker-level Shutdown
2023/04/17 21:46:58 ...ueue_disk_channel.go:188:Run() [D] [643dbe52-13] PersistableChannelUniqueQueue: pr_auto_merge Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:234:Run() [D] [643dbe52-13] PersistableChannelUniqueQueue: pr_auto_merge Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52-13] unique-level: pr_auto_merge-level Shutdown
2023/04/17 21:46:58 ...ueue_disk_channel.go:159:Run() [D] [643dbe52-16] PersistableChannelQueue: task Starting
2023/04/17 21:46:58 ...ueue_disk_channel.go:196:Run() [D] [643dbe52-16] PersistableChannelQueue: task Skipping running the empty level queue
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:334:Shutdown() [D] [643dbe52-16] level: task-level Shutdown
2023/04/17 21:46:58 ...xer/stats/indexer.go:84:populateRepoIndexer() [I] Done (re)populating the repo stats indexer with existing repositories
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: update_mirrors
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: repo_health_check
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: check_repo_stats
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: archive_cleanup
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: sync_external_users
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: deleted_branches_cleanup
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: update_migration_poster_id
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: cleanup_hook_task_table
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: cleanup_packages
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: delete_inactive_accounts
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: delete_repo_archives
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: git_gc_repos
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: resync_all_sshkeys
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: resync_all_sshprincipals
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: resync_all_hooks
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: reinit_missing_repos
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: delete_missing_repos
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: delete_generated_repository_avatars
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: delete_old_actions
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: update_checker
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: delete_old_system_notices
2023/04/17 21:46:58 ...rvices/cron/tasks.go:147:RegisterTask() [D] [643dbe52-19] Registering task: gc_lfs
2023/04/17 21:46:58 routers/init.go:185:NormalRoutes() [D] Creating static HTML Renderer
2023/04/17 21:46:58 ...er/issues/indexer.go:203:func2() [D] [643dbe52-3] Created Bleve Indexer
2023/04/17 21:46:58 ...er/issues/indexer.go:269:func3() [I] [643dbe52-3] Issue Indexer Initialization took 467.272444ms
2023/04/17 21:46:58 ...ue/queue_bytefifo.go:158:Run() [D] [643dbe52-4] level: issue_indexer Starting
2023/04/17 21:46:59 cmd/web.go:220:listen() [I] [643dbe53] Listen: http://0.0.0.0:3000
2023/04/17 21:46:59 cmd/web.go:224:listen() [I] [643dbe53] AppURL(ROOT_URL): https://questabox-vcs.dev/
2023/04/17 21:46:59 cmd/web.go:227:listen() [I] [643dbe53] LFS server enabled
2023/04/17 21:46:59 ...s/graceful/server.go:62:NewServer() [I] [643dbe53] Starting new Web server: tcp:0.0.0.0:3000 on PID: 382
2023/04/17 21:46:59 ...s/graceful/server.go:75:func1() [D] [643dbe53] Starting server on tcp:0.0.0.0:3000 (PID: 382)
2023/04/17 21:49:05 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= rev-parse
2023/04/17 21:49:05 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= for-each-ref --format=%(objectname) %(refname) refs/tags/ --sort=-taggerdate
2023/04/17 21:49:05 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= cat-file --batch
2023/04/17 21:49:05 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= cat-file --batch-check
2023/04/17 21:49:05 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= for-each-ref --format=%(objectname) %(refname) refs/heads/ --sort=-committerdate
2023/04/17 21:49:05 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= rev-list --count 193a9e0ebe750523c2366358882dc676880707d9
2023/04/17 21:49:06 ...s/charset/charset.go:153:DetectEncoding() [D] [643dbed1] Detected encoding: utf-8 (fast)
2023/04/17 21:49:06 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= read-tree 193a9e0ebe750523c2366358882dc676880707d9
2023/04/17 21:49:06 ...dules/git/command.go:255:Run() [D] [643dbed1] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= check-attr -z linguist-language gitlab-language --cached -- pac_man.py
2023/04/17 21:49:06 ...s/context/context.go:222:HTML() [D] [643dbed1] Template: repo/home
2023/04/17 21:49:10 ...ices/context/user.go:24:1() [D] [643dbed6] GetUserByName: user redirect does not exist [name: robots.txt]
2023/04/17 21:49:19 ...dules/git/command.go:255:Run() [D] [643dbedf] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= rev-parse
2023/04/17 21:49:19 ...dules/git/command.go:255:Run() [D] [643dbedf] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= for-each-ref --format=%(objectname) %(refname) refs/tags/ --sort=-taggerdate
2023/04/17 21:49:19 ...dules/git/command.go:255:Run() [D] [643dbedf] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= cat-file --batch
2023/04/17 21:49:19 ...dules/git/command.go:255:Run() [D] [643dbedf] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= cat-file --batch-check
2023/04/17 21:49:19 ...dules/git/command.go:255:Run() [D] [643dbedf] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= for-each-ref --format=%(objectname) %(refname) refs/heads/ --sort=-committerdate
2023/04/17 21:49:19 ...dules/git/command.go:255:Run() [D] [643dbedf] /var/lib/gitea/data/gitea-repositories/student/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= rev-list --count ec507e9a327768fb1bebb33ac34755d9d50c6db5
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of ISSUE_TEMPLATE: object does not exist [id: , rel_path: ISSUE_TEMPLATE]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of issue_template: object does not exist [id: , rel_path: issue_template]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of .gitea/ISSUE_TEMPLATE: object does not exist [id: , rel_path: .gitea]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of .gitea/issue_template: object does not exist [id: , rel_path: .gitea]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of .github/ISSUE_TEMPLATE: object does not exist [id: , rel_path: .github]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of .github/issue_template: object does not exist [id: , rel_path: .github]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of .gitlab/ISSUE_TEMPLATE: object does not exist [id: , rel_path: .gitlab]
2023/04/17 21:49:19 ...ules/context/repo.go:1082:IssueTemplatesErrorsFromDefaultBranch() [D] [643dbedf] get sub tree of .gitlab/issue_template: object does not exist [id: , rel_path: .gitlab]
2023/04/17 21:49:20 ...s/context/context.go:222:HTML() [D] [643dbedf] Template: repo/issue/list
2023/04/17 21:49:58 ...s/context/context.go:222:HTML() [D] [643dbf06] Template: status/404
2023/04/17 21:50:00 ...s/context/context.go:222:HTML() [D] [643dbf08] Template: user/auth/signin
2023/04/17 21:50:03 ...s/context/context.go:222:HTML() [D] [643dbf0b] Template: user/auth/webauthn
2023/04/17 21:50:07 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= rev-parse
2023/04/17 21:50:08 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= for-each-ref --format=%(objectname) %(refname) refs/tags/ --sort=-taggerdate
2023/04/17 21:50:08 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= cat-file --batch
2023/04/17 21:50:08 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= cat-file --batch-check
2023/04/17 21:50:08 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= for-each-ref --format=%(objectname) %(refname) refs/heads/ --sort=-committerdate
2023/04/17 21:50:08 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= rev-list --count 9e92759342f56788bc995490aa075d4b91fdaecf
2023/04/17 21:50:10 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= log --name-status -c --format=commit%x00%H %P%x00 --parents --no-renames -t -z 9e92759342f56788bc995490aa075d4b91fdaecf -- .gitignore LICENSE README.md billiards.py custom images mario.py pac_man.py pictionary.py screenshots snowfall.py sounds space_invaders.py src suburb.py
2023/04/17 21:50:10 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= log --name-status -c --format=commit%x00%H %P%x00 --parents --no-renames -t -z 2e0f6f5fd93a2039f193898d3fc64ec03be60304 -- .gitignore LICENSE billiards.py images mario.py pac_man.py pictionary.py snowfall.py sounds space_invaders.py src suburb.py
2023/04/17 21:50:10 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= log --name-status -c --format=commit%x00%H %P%x00 --parents --no-renames -t -z fcebba57cee53ae42942351d36620cdeee0e77b8 -- .gitignore billiards.py images pictionary.py snowfall.py sounds space_invaders.py src suburb.py
2023/04/17 21:50:11 ...dules/git/command.go:255:Run() [D] [643dbf0f-2] /var/lib/gitea/data/gitea-repositories/student2/myprojects.git: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= log --name-status -c --format=commit%x00%H %P%x00 --parents --no-renames -t -z fd73444bdabe30007e4d5d8474dacdae08134a6f -- .gitignore pictionary.py space_invaders.py src suburb.py
2023/04/17 21:50:11 ...mmit_info_nogogit.go:65:GetCommitsInfo() [D] [643dbf0f-2] missing commit for src
2023/04/17 21:50:11 ...mmit_info_nogogit.go:65:GetCommitsInfo() [D] [643dbf0f-2] missing commit for .gitignore
2023/04/17 21:50:11 ...mmit_info_nogogit.go:65:GetCommitsInfo() [D] [643dbf0f-2] missing commit for pictionary.py
2023/04/17 21:50:11 ...mmit_info_nogogit.go:65:GetCommitsInfo() [D] [643dbf0f-2] missing commit for space_invaders.py
2023/04/17 21:50:11 ...mmit_info_nogogit.go:65:GetCommitsInfo() [D] [643dbf0f-2] missing commit for suburb.py
2023/04/17 21:50:11 ...ers/web/repo/view.go:100:findReadmeFileInEntries() [D] [643dbf0f-2] Potential readme file: README.md
2023/04/17 21:50:11 ...s/charset/charset.go:153:DetectEncoding() [D] [643dbf0f-2] Detected encoding: utf-8 (fast)
2023/04/17 21:50:11 ...s/context/context.go:222:HTML() [D] [643dbf0f-2] Template: repo/home

Gitea Version

1.19.1

Can you reproduce the bug on the Gitea demo site?

No

Screenshots

Example of image not loading: \

Git Version

2.40.0

Operating System

Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1031-gcp x86_64)

How are you running Gitea?

I run Gitea in a Google Cloud instance, and the Gitea package is installed using instructions from https://gitlab.com/packaging/gitea/

Database

SQLite

[wxiaoguang]

I have frequently encountered an issue with images: They stop loading, and then users are immediately logged/"kicked" out.

I haven't fully understand your problem.

Do you mean that: if a user visits an image URL, then the user gets signed-out?

• Do you have an example URL of such image URL?
• What's the request Cookie and response Set-Cookie when you visit it?

Clearing web browser history temporarily fixes the issue, for perhaps one minute.

I do not think it is related.

• What's your session storage?
• What's your app.ini, especially COOKIE related settings?
• Do the image URLs have the same domain?

I tried to reproduce the bug on the Gitea demo site, but the site won't allow me to even log in. Error code 500.

Which page? I just tried, I can login try.gitea.io.

[lunny]

I can visit it with no problem. macOS both firefox and safari.

[saegl5]

@wxiaoguang

• correct (re: if a user visits an image URL, then the user gets signed-out?), and I can get encounter the issue faster by loading another tab and coming back to Gitea's tab
• example URL: https://questabox-vcs.dev/saegl5/myprojects/media/branch/main/screenshots/suburb.png (not public though)
• how might I check the request Cookie and response Set-Cookie? (I'm not a web developer, unfortunately, so the best I can do right now is see in Web Inspector > Storage > Cookies is that none expired.)
• session storage: Web Inspector > Storage I see unexpired cookies and Dark Reader
• I see no cookie-related settings in the app.ini (I will check your docs yeah, none, but I did try adding LOGIN_REMEMBER_DAYS = 7 and still encountered my issue)
• yes (re: image URL same domain)

@wxiaoguang and @lunny

try.gitea.io works for me now, thanks \ I don't encounter the issue in it CORRECTION: I do encounter the issue

[wxiaoguang]

• session storage: Web Inspector > Storage I see unexpired cookies and Dark Reader

What's the session related config in your app.ini?

Since you can't reproduce the problem on try.gitea.io, I suspect that this problem is related to your server-side session storage.

If you have no idea about how to continue debugging, a clear & minimal reproducible sample should help, eg: you could try to setup a small and clear instance, to try whether it has the same problem. If yes, report the details here then maintainers could help to reproduce and debug. If the new instance doesn't have the problem, then try to find what's the difference between it and your production instance, by fine-tuning the config options step by step.

[saegl5]

@wxiaoguang

app.ini:

APP_NAME = VCS Portal
RUN_USER = gitea
RUN_MODE = prod

[database]
DB_TYPE  = sqlite3
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   =
SCHEMA   =
SSL_MODE = disable
CHARSET  = utf8
PATH     = /var/lib/gitea/data/gitea.db
LOG_SQL  = false

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories
ENABLE_PUSH_CREATE_USER = true
DISABLE_STARS = true

[server]
SSH_DOMAIN       = questabox-vcs.dev
DOMAIN           = questabox-vcs.dev
HTTP_PORT        = 3000
ROOT_URL         = https://questabox-vcs.dev/
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_JWT_SECRET   = [redacted]
OFFLINE_MODE     = false

[lfs]
PATH = /var/lib/gitea/data/lfs

[mailer]
ENABLED        = true
SMTP_ADDR      = smtp.gmail.com
SMTP_PORT      = 465
FROM           = [redacted email address]
USER           = [redacted email address]
PASSWD         = [redacted]

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = true
DISABLE_REGISTRATION              = true
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[session]
PROVIDER = file

[log]
MODE      = file
LEVEL     = info
ROOT_PATH = /var/lib/gitea/log
ROUTER    = console

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[security]
INSTALL_LOCK       = true
INTERNAL_TOKEN     = [redacted]
SECRET_KEY         = [redacted]
PASSWORD_HASH_ALGO = pbkdf2

[ui]
THEMES = auto,gitea,arc-green,auto-red,red,arc-red
DEFAULT_THEME = auto-red
THEME_COLOR_META_TAG = none

[wxiaoguang]

No idea from my side (it doesn't look like a Gitea's problem at the moment)

Could you try to setup a clear & minimal instance to see whether the problem would occur?

[saegl5]

@wxiaoguang thank you for your input and for following up

I feel odd—a bit embarrassed too—to find that the issue went way after checking "Remember This Device" before logging in

although checking that option seems logical to work, since I never had to check that option until recently, then checking that options seems to be a sort of workaround

tonight, I'll try to setup a small and clear instance, as you suggested it could be a server-side issue, yeah

[saegl5]

@wxiaoguang okay, small and clear instance:

http://34.82.68.62:3000 \ username: admin-testing \ password: 123456 \ (my only change was to make user visibility private) closed this instance, used try.gitea.io instance (see below)

> There is nothing private or confidential in this instance...

Issue occurs here too. \ Just give it time; open other tabs; click around Gitea (dashboard, dashboard repository links, open dashboard in new tab, etc.) \ Eventually, I start to frequently see my issue. \ Come to think, if I keep user visibility public, then the images might still show but I may still be logged out. I want user visibility to be private, though.

Again, yes, it could be server-side. I now see have seen the issue in try.gitea.io \ https://try.gitea.io/saegl5/myprojects-testing \ username: saegl5 \ password: 123456 (user visibility private) closed this instance, too

anyways, for now I am reminding myself to check "Remember This Device" before logging in I would assume that, even with the box unchecked, that users would stay authenticated for 7 days (well, at least longer than what I am getting)

[wxiaoguang]

OK, I know the problem now. It's related to Safari & Gitea's session management.

The key point is that "two tabs", then the previous tab's cookie session changed: need more clues

 

[wxiaoguang]

OK, I 99% understand the problem now. It's highly likely a Safari bug.

At the beginning, Safari sends Cookie with Avatar requests.

But after a few minutes, Safari only sends Cookie with page request, but doesn't send Cookies with Avatar request.

Then , the avatar request can't see a session cookie, then the handler (middleware) allocates a new session ID, then this cookie is applied to the whole site, then you are in a non-signed-in session.

At the beginning, Safari sends cookies.


After a while, the avatar request doesn't have cookies.


[wxiaoguang]

According to my test, disabling this option could fix Safari's buggy behavior (actually, Google result shows that a lot of users are affected by similar buggy behavior)

Screenshot:


[wxiaoguang]

I think this problem could be fixed by

• https://github.com/go-gitea/gitea/pull/24330

https://github.com/go-gitea/gitea/pull/24330/files#diff-fa07e296d614e796de67f7ae9268a0660b89c09b6e5f6373b4ca7bf76a20dec7R467-R475

[saegl5]

@wxiaoguang wow! great work!

kindly note, however, that—as also noted above—disabling preventing cross-site tracking didn't work for me \ however, I'll retry... yeah, no difference

glancing at commit 808acb51c69e3decf2cff429060db04f519f9c7d > routers/web/web.go diff... \ okay, yeah, #24330 could work: looks like the handler won't be used, meaning no new cookie if the avatar request can't see one never mind, I see what you did in the linked diff above

this all seems to be making sense to me now thank you, again