hypothesis / vision

Envisioning the future of the Hypothesis.
https://github.com/hypothesis/vision/issues/

Experience report: bookmarklet "session invalid", proxy doesn't load, Chrome works #211

Closed jean closed 6 years ago

jean commented 8 years ago

Annotating this article, I find that my Firefox bookmarklet is stuck on "Session is invalid. Please try again." (when I go to the hypothesis site, I am signed in).

Request:

POST /app?__formid__=login HTTP/1.1
Host: hypothes.is
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
X-CSRF-Token: d83e...e052
X-Client-Id: ab4073....64af76
Content-Type: application/json;charset=utf-8
Content-Length: 45
Connection: keep-alive

Response:

HTTP/2.0 403 Forbidden
Server: cloudflare-nginx
Date: Mon, 04 Apr 2016 03:57:35 GMT
Content-Type: application/json; charset=UTF-8
Set-Cookie: __cfduid=db26...2254; expires=Tue, 04-Apr-17 03:57:34 GMT; path=/; domain=.hypothes.is; HttpOnly
XSRF-TOKEN=35c0...c58411; Path=/
session=6c4fa5...NDNxAS4=; Max-Age=2592000; Path=/; expires=Wed, 04-May-2016 03:57:35 GMT; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-RAY: 28e1...1b6-SIN
X-Firefox-Spdy: h2

When I try proxying, the browser spins on a blank page, waiting for two requests.

But annotating via the Chrome extension works fine.

robertknight commented 8 years ago

Hello @jean - Do you have any additional privacy extensions such as Privacy Badger installed? One known cause of 'Session invalid' errors is due to the way authentication currently works, which results in login failing if third-party cookies are blocked.

jean commented 8 years ago

Ah, indeed, allowing cookies for hypothes.is made the bookmarklet work. Do you know whether this is the only required setting?

Oh, now I've broken something else .. the bookmarklet doesn't show up and this error is logged:

Error: Cannot find module '/h/static/scripts/polyfills.js'
https://hypothes.is/assets/scripts/injector.bundle.js?ef1d8b
Line 1

It's still happening with Privacy Badger disabled, so I don't think it's related to this issue. Maybe a restart will help ..

lidel commented 6 years ago

@jean Not sure if still relevant, but I had the same error under Firefox 55 and found two ways of solving it – see https://github.com/hypothesis/product-backlog/issues/45#issuecomment-323615323

robertknight commented 6 years ago

Hypothesis (as of v1.39) now detects when the browser is preventing it from storing cookies and falls back to using OAuth rather than cookies for authentication in this context. You may find that you need to click the "Log in" button each time the client loads, but as long as you are signed in to the website you won't have to re-enter your login details each time.
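
Added example, not part of the thread and not Hypothesis code: a triage helper for captured login exchanges like the one in the first post, where the request carries an `X-CSRF-Token` header but no `Cookie` header and the 403 response sets a fresh `session` cookie. The function names, verdict strings, sample host and token values are constructed, and the check assumes the server ties the CSRF token to the `session` cookie.

```javascript
// Constructed sample exchange; token and session values are placeholders.
const BLOCKED_REQ = `POST /app?__formid__=login HTTP/1.1
Host: example.test
X-CSRF-Token: TOKEN_A
Content-Type: application/json;charset=utf-8`;
const BLOCKED_RES = `HTTP/2.0 403 Forbidden
Set-Cookie: XSRF-TOKEN=TOKEN_B; Path=/
Set-Cookie: session=SESSION_B; Max-Age=2592000; Path=/; HttpOnly`;

// Split raw header text into a start line and a map of lowercased names.
function parseHeaders(raw) {
  const [startLine, ...lines] = raw.trim().split(/\r?\n/);
  const headers = Object.create(null);
  for (const line of lines) {
    const idx = line.indexOf(':');
    if (idx < 0) continue; // skip lines that are not "Name: value"
    const name = line.slice(0, idx).trim().toLowerCase();
    (headers[name] = headers[name] || []).push(line.slice(idx + 1).trim());
  }
  return { startLine, headers };
}

// Classify a rejected login. Assumption: the server ties the CSRF token to
// the "session" cookie, so a request without that cookie cannot validate.
function diagnose(rawRequest, rawResponse) {
  const req = parseHeaders(rawRequest);
  const res = parseHeaders(rawResponse);
  const status = Number(res.startLine.split(' ')[1]);
  if (status !== 403) return 'not-rejected';
  if (!('x-csrf-token' in req.headers)) return 'csrf-header-missing';
  const sent = (req.headers['cookie'] || [])
    .flatMap((v) => v.split(';'))
    .map((pair) => pair.split('=')[0].trim());
  const issued = (res.headers['set-cookie'] || [])
    .map((v) => v.split('=')[0].trim());
  // Token present, no session cookie sent, server issues a fresh session:
  // the browser is not storing or not returning cookies for this origin.
  if (!sent.includes('session') && issued.includes('session')) {
    return 'session-cookie-not-sent';
  }
  return 'token-mismatch';
}

console.log(diagnose(BLOCKED_REQ, BLOCKED_RES));
```

A `session-cookie-not-sent` verdict points at cookie blocking in the embedding context rather than at a stale token, which is the case the OAuth fallback described above is meant to cover.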