nextcloud / user_saml

:lock: App for authenticating Nextcloud users using SAML https://apps.nextcloud.com/apps/user_saml
https://portal.nextcloud.com/article/configuring-single-sign-on-10.html
GNU Affero General Public License v3.0

Too many redirects on iOS Safari browsers #306

Open staler opened 5 years ago

staler commented 5 years ago

Steps to replicate it:

Get an Apple or Mac device, open Safari, log in.

Expected behaviour

User gets logged in to Nextcloud and sees his files.

Actual behaviour

Users on a Mac/iOS device get a "too many redirects" error in Safari.

Server configuration

Nextcloud Version: 15.0.2.0 Apps installed: 31 App updates available: 0

PHP Version: 7.2.14 Memory limit: 512 MB Max execution time: 3600 Max upload size: 511 MB

Database Type: mysql Version: 10.3.12 Size: 1.4 MB

Where did you install Nextcloud from: installatron

List of activated apps:
Accessibility 1.1.0 Official
Activity 2.8.2 Official
Auditing / Logging 1.5.0 Official
Collaborative tags 1.5.0 Official
Deleted files 1.5.0 Official
Federation 1.5.0 Official
File sharing 1.7.0 Official
Log Reader 2.0.0 Official
Monitoring 1.5.0 Official
Nextcloud announcements 1.4.0 Official
Notifications 2.3.0 Official
Password policy 1.5.0 Official
PDF viewer 1.4.0 Official
Share by mail 1.5.0 Official
SSO & SAML authentication 2.1.1 Official
Support 1.0.0 Official
Text editor 2.7.0 Official
Theming 1.6.0 Official
Update notification 1.5.0 Official
Usage survey 1.3.0 Official
Versions 1.8.0 Official
Video player

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Nextcloud configuration:

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or

Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
```php
<?php
$CONFIG = array (
  'instanceid' => '-----',
  'passwordsalt' => '---------',
  'secret' => '----------',
  'trusted_domains' => 
  array (
    0 => 'tascc.xs4cloud.nl',
  ),
  'datadirectory' => '/home/tascccloud/domains/tascc.xs4cloud.nl/public_html/.htxoljpx4gsvlq.data',
  'dbtype' => 'mysql',
  'version' => '15.0.2.0',
  'overwrite.cli.url' => 'https://tascc.xs4cloud.nl',
  'dbname' => 'tascccloud_oc1',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '------',
  'dbpassword' => '-------------',
  'installed' => true,
  'maintenance' => false,
  'session_lifetime' => 600,
  'skeletondirectory' => '',
  'updater.release.channel' => 'stable',
  'remember_login_cookie_lifetime' => 1,
  'session_keepalive' => false,
  'theme' => '',
  'loglevel' => 2,
);
```

```php
<?php
$CONFIG = array (
  'session_lifetime' => 600,
  'remember_login_cookie_lifetime' => 1,
  'session_keepalive' => false,
  'skeletondirectory' => '',
);
```
### Client configuration
**Browser:** Safari

**Operating system:**
iOS
### Logs 

#### Nextcloud log (data/owncloud.log)

Insert your Nextcloud log here

nothing showing up there
#### Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

I don't have a browser log, but this is the log from the hosting server:


```text
82.161.177.171 - - [04/Feb/2019:22:18:47 +0100] "POST /index.php/apps/user_saml/saml/acs HTTP/1.1" 303 1011 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:48 +0100] "GET / HTTP/1.1" 302 1640 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:49 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:49 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:49 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:50 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:50 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:50 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:51 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:51 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:51 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:53 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:53 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
```
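An added example, not code from this issue or from the user_saml project, showing how the loop visible in the access log above can be picked up automatically: it parses combined-format lines and flags a client that keeps receiving 3xx answers for the same path within a short window. The sample lines are constructed (documentation-range IP, placeholder IdP host) and only mimic the shape of the log in the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: client - - [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line: str):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_redirect_loops(lines, min_hits: int = 5, window_s: int = 10):
    """Flag (ip, path) pairs answered with a 3xx at least min_hits times inside window_s seconds.

    Returns a list of ((ip, path), total_redirects) for every pair that looped.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and 300 <= rec["status"] < 400:
            hits[(rec["ip"], rec["path"])].append(rec["ts"])
    loops = []
    for key, stamps in hits.items():
        stamps.sort()
        for i in range(len(stamps) - min_hits + 1):  # sliding window over sorted timestamps
            if (stamps[i + min_hits - 1] - stamps[i]).total_seconds() <= window_s:
                loops.append((key, len(stamps)))
                break
    return loops


# Constructed sample: six 302s for the files app in four seconds, then one successful load.
SAMPLE_LOG = [
    f'203.0.113.5 - - [04/Feb/2019:22:18:{s:02d} +0100] "GET /index.php/apps/files/ HTTP/1.1" '
    f'302 1093 "https://idp.example/verifyuser" "Safari"'
    for s in (49, 49, 50, 50, 51, 52)
] + ['203.0.113.5 - - [04/Feb/2019:22:19:05 +0100] "GET /index.php/apps/files/ HTTP/1.1" 200 4120 "-" "Safari"']

if __name__ == "__main__":
    for (ip, path), n in find_redirect_loops(SAMPLE_LOG):
        print(f"redirect loop: {ip} -> {path} ({n} redirects)")
```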
chrsch commented 5 years ago

@staler Did you find any solution for this?

tsuzu commented 5 years ago

I had the same problem. It seems that iOS Safari doesn't save the cookie when Origin != Host. The server returns a 302 Found response with a Set-Cookie header for __Host-nc_sameSiteCookielax, but Safari doesn't set it.

ebogaard commented 4 years ago

I'm experiencing the same with NC 17 (but this goes all the way back to 14). There seems to be a difference in triggering a SAML response when:

  1. Opening Nextcloud (without NC-session) using `target="_blank"`
  2. Opening Nextcloud (without NC-session) by opening the link "manually" in the current address bar

In the first case, the process stops, no redirect to SAML happens. In the headers, I see the following (only main differences shown):

Cookie: ....xxx... __Host-nc_sameSiteCookielax=true
location: 

In the second case, I get redirected to SAML for the login screen and all works. In the headers, I see the following (only main differences shown):

Cookie: .... __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
location: https://login.xxx.yy/saml/saml2/idp/SSOService.php?SAMLRequest=pZJNbxo...

Either way, this issue is solved by applying the one-row fix in #248
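As an added example (not code from this thread or from user_saml), a small model of the browser-side SameSite rules that reproduces the two cookie sets reported above and the cross-site POST from the IdP to the ACS endpoint. The cookie names are the ones from the thread and their SameSite attributes follow their suffixes; the server-side rule that a request counts as same-site only when both markers arrive is an assumption used for illustration, not the app's actual logic.

```python
from dataclasses import dataclass
from enum import Enum


class SameSite(Enum):
    STRICT = "Strict"
    LAX = "Lax"
    NONE = "None"


@dataclass(frozen=True)
class Cookie:
    name: str
    same_site: SameSite
    secure: bool = True  # __Host- prefixed cookies must carry Secure


@dataclass(frozen=True)
class Request:
    method: str
    cross_site: bool            # initiator site differs from the destination site
    top_level_navigation: bool  # address-bar load, link click or form submit that replaces the page


SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

# Marker cookie names as seen in the headers quoted above
LAX_MARKER = Cookie("__Host-nc_sameSiteCookielax", SameSite.LAX)
STRICT_MARKER = Cookie("__Host-nc_sameSiteCookiestrict", SameSite.STRICT)


def browser_attaches(cookie: Cookie, req: Request) -> bool:
    """Does a browser that follows the SameSite rules send this cookie on this request?"""
    if not req.cross_site:
        return True  # same-site requests carry every cookie
    if cookie.same_site is SameSite.STRICT:
        return False  # never sent cross-site
    if cookie.same_site is SameSite.LAX:
        return req.top_level_navigation and req.method in SAFE_METHODS
    return cookie.secure  # SameSite=None is only honoured together with Secure


def cookies_sent(req: Request) -> set[str]:
    return {c.name for c in (LAX_MARKER, STRICT_MARKER) if browser_attaches(c, req)}


def server_sees_same_site(sent: set[str]) -> bool:
    """Assumed server rule (not user_saml's code): same-site only if both markers arrived."""
    return {LAX_MARKER.name, STRICT_MARKER.name} <= sent


# The three flows discussed in the thread
LINK_TARGET_BLANK = Request("GET", cross_site=True, top_level_navigation=True)     # case 1 above
TYPED_IN_ADDRESS_BAR = Request("GET", cross_site=False, top_level_navigation=True)  # case 2 above
IDP_POST_TO_ACS = Request("POST", cross_site=True, top_level_navigation=True)      # IdP -> /saml/acs
```

Case 1 yields only the lax marker and the IdP's POST yields neither, which is why a server that insists on both markers answers with a redirect instead of processing the request.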