misskey-dev / misskey

🌎 A completely free and open interplanetary microblogging platform 🚀
https://misskey-hub.net/
GNU Affero General Public License v3.0

3rd party sign in broken because of secure cookie #3343

Status: Closed (incognico closed 5 years ago)

incognico commented 5 years ago

Sign in with GitHub/Discord (and probably Twitter) is not working on my configuration (Misskey http <-> Apache proxy https <-> client https).

Error: Cannot send secure cookie over unencrypted connection when trying to access /api/signin/... (client: Internal Server Error)

Related #2923

incognico commented 5 years ago

Maybe a missing X-Forwarded-Proto: https header is the cause. But I'm not sure if Misskey or the web server (Apache) should set the header. https://github.com/webpack/webpack-dev-server/issues/933

Also: https://github.com/koajs/koa/issues/974

I will test.

incognico commented 5 years ago

In Apache, RequestHeader set X-Forwarded-Proto "https" works!

I think https://github.com/syuilo/misskey/issues/2923#issuecomment-430397431 can be reverted then @syuilo so Misskey always uses 'secure' again when the URL is https...

Maybe I'll add a small FAQ for this stuff.

incognico commented 5 years ago

Please revert https://github.com/syuilo/misskey/commit/d2e0faa533b7dba06b9a80a8a68bc8a4236ce569
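
The failure and the fix reported in this thread can be reproduced with a small model of the decision a Node backend makes when it sits behind a TLS-terminating proxy. This is an added example, not code from Misskey, Koa or the thread's author; the function names, the `trustProxy` flag, the cookie name and the sample requests are all constructed for illustration.

```javascript
// Added example: a simplified model, not Misskey's or Koa's source.
// All names below are hypothetical.

// Decide which protocol the backend believes the client used.
function effectiveProtocol({ socketEncrypted, headers, trustProxy }) {
  if (socketEncrypted) return 'https';   // the app terminates TLS itself
  if (!trustProxy) return 'http';        // forwarded headers are ignored
  const raw = headers['x-forwarded-proto'];
  if (!raw) return 'http';               // the proxy did not report the scheme
  // Chained proxies may append values ("https, http");
  // the first entry is the client-facing hop.
  return String(raw).split(',')[0].trim().toLowerCase();
}

// Build a Set-Cookie value, refusing a Secure cookie when the
// connection is seen as plain HTTP (the error from this issue).
function buildSetCookie(name, value, { secure }, request) {
  if (secure && effectiveProtocol(request) !== 'https') {
    throw new Error('Cannot send secure cookie over unencrypted connection');
  }
  const attrs = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly'];
  if (secure) attrs.push('Secure');
  return attrs.join('; ');
}

// Constructed requests as the backend sees them: the proxy-to-backend
// hop is plain HTTP in every case.
const noHeader = { socketEncrypted: false, headers: {}, trustProxy: true };
const withHeader = {
  socketEncrypted: false,
  headers: { 'x-forwarded-proto': 'https' },  // set by the proxy
  trustProxy: true,
};
const untrusted = { ...withHeader, trustProxy: false };

// Return the cookie string, or the error text, for one request.
function trySetCookie(request) {
  try {
    return buildSetCookie('session', 'abc123', { secure: true }, request);
  } catch (e) {
    return `ERROR: ${e.message}`;
  }
}

console.log(trySetCookie(noHeader));
console.log(trySetCookie(withHeader));
console.log(trySetCookie(untrusted));
```

Because the backend believes the header, the proxy should overwrite it rather than pass through a client-supplied value; Apache's `RequestHeader set` replaces any existing header of that name.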