hassio-addons / addon-bookstack

Bookstack - Home Assistant Community Add-ons

https://addons.community

MIT License

55 stars 13 forks source link

Setup issue 419 Error #207

Open tortho opened 1 year ago

tortho commented 1 year ago

Problem/Motivation

Unable to find the correct config to both be able to show the HA Dasboard card on a computer and edit pages on another instance with same config file.

Case 1 with config file:

certfile: fullchain.pem
envvars:
  - name: SESSION_COOKIE_NAME
    value: bookstack_session
keyfile: privkey.pem
ssl: false

Will give "419 Page Expired" on the computer displaying the HA webpage card. (When loging in) On HA all is workign well, can edit and save pages.

Case 2 with config file:

certfile: fullchain.pem
envvars:
  - name: SESSION_COOKIE_NAME
    value: bookstack_session
  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.212.46:8123
keyfile: privkey.pem
ssl: false

HA webpage card will work on the computer displying my dashboard and possible to browse the books. On HA it will allow logging in, navigating editing page etc, but when pressing save button on a page it will give "419 Page expired"

Steps to reproduce

Use configs as above

ssddanbrown commented 1 year ago

On HA it will allow logging in, navigating editing page etc, but when pressing save button on a page it will give "419 Page expired"

That's a little strange to me, logging in should pretty much be the same kind of requests as saving a page. Note that setting ALLOWED_IFRAME_HOSTS does play with cookies, but cookies can be sticky causing strange scenarios.

I'd give things a test on a completely fresh browser (Or maybe private/incognito window) that's never accessed your instance before setting that option, just to test how it's working from fresh cookies being set.

tortho commented 1 year ago

Tried with another browser and also in incognito mode. As long as these lines are in the config

name: ALLOWED_IFRAME_HOSTS value: http://192.168.212.46:8123

I get a 419 page expired, now also when trying to log in. Removing them then I can log in and edit the pages but not access on my kitchen screen, then when putting them back again I can view but not edit on the other instance..

kozfelipe commented 9 months ago

this works for me

envvars:
  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.0.19:8123
  - name: SESSION_SECURE_COOKIE
    value: "true"
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem

j0kibalb0a commented 3 months ago

I have the same issue as described by @tortho .

envvars:

  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.0.19:8123
  - name: SESSION_SECURE_COOKIE
    value: "true"
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem

This doesn't work for me. Same issue - always... Any ideas?

419Expired