search

nodeSolidServer / node-solid-server

Solid server on top of the file-system in NodeJS
https://solidproject.org/for-developers/pod-server
Other
1.78k stars 303 forks source link

Error accessing WebID / profile card after login #1093

Open gklyne opened 5 years ago

gklyne commented 5 years ago

(I'm new to node and solid-server, so I might be missing something obvious.)

On a new installation of node-solid-server, I'm getting an internal server error indicated when I try to access the WebID URL after login in (but not before loging in). The sequence I followed is this; it appears to be repeatable.

Install NVM

(Using a previous installation, but I did remove the previously installed version of node.js)

Install latest node.js

To use nvm to install a recent version of node, use some combination of the following:

$ nvm ls-remote
$ nvm install v10.15.1
$ node -v

Status:

$ npm list
/Users/graham
└── (empty)

$ npm list -g
/Users/graham/.nvm/versions/node/v10.15.1/lib
└─┬ npm@6.4.1
  :

$ which node
/Users/graham/.nvm/versions/node/v10.15.1/bin/node

This is different from thepreviously installed verson of node, so I'm taking this to be a clean new node environment.

Activate latest node.js

. ~/.nvm/nvm.sh
. ~/.nvm/bash_completion

Install local Solid server

See also: https://solid.inrupt.com/docs/installing-running-nss

Create and change to working directory for server data (e.g. $HOME/solid).

$ npm install solid-server
npm WARN deprecated nodemailer@3.1.8: All versions below 4.0.1 of Nodemailer are deprecated. See https://nodemailer.com/status/
npm WARN deprecated text-encoding@0.6.4: no longer maintained
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)

> spawn-sync@1.0.15 postinstall /Users/graham/solid/node_modules/spawn-sync
> node postinstall

npm WARN saveError ENOENT: no such file or directory, open '/Users/graham/solid/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/Users/graham/solid/package.json'
npm WARN babel-preset-metalab@1.0.0 requires a peer of babel-core@^6.24.0 but none is installed. You must install peer dependencies yourself.
npm WARN babel-literal-to-ast@1.0.0 requires a peer of babel-core@>=6.0.20 but none is installed. You must install peer dependencies yourself.
npm WARN solid No description
npm WARN solid No repository field.
npm WARN solid No README data
npm WARN solid No license field.

+ solid-server@5.0.0-beta.7
added 658 packages from 407 contributors and audited 64504 packages in 36.611s
found 0 vulnerabilities

Create and change to working directory for solid certificates data (e.g. $HOME/solid-certs). Then:

$ export SOLID_HOME=$(pwd)

Set up certificate (or see https://letsencrypt.org/docs/certificates-for-localhost/). For now, using a self-signed certificate:

$ openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Change back to solid directory:

$ cd $SOLID_HOME

Initialize Solid (see https://github.com/solid/node-solid-server#run-a-single-user-server-beginner):

$ nerthus:solid graham$ npx solid init
? Path to the folder you want to serve. Default is /Users/graham/solid/data
? SSL port to run on. Default is 8443
? Solid server uri (with protocol, hostname and port) https://localhost:8443
? Enable WebID authentication Yes
? Serve Solid on URL path /
? Path to the config directory (for example: /etc/solid-server) ./config
? Path to the config file (for example: ./config.json) ./config.json
? Path to the server metadata db directory (for users/apps etc) ./.db
? Path to the SSL private key in PEM format ../solid-certs/localhost.key
? Path to the SSL certificate key in PEM format ../solid-certs/localhost.crt
? Enable multi-user mode No
? Do you want to set up an email service? No
? A name for your server (not required, but will be presented on your server's frontpage) localhost
? A description of your server (not required)
? A logo that represents you, your brand, or your server (not required)
config created on /Users/graham/solid/config.json

Run solid server

Start Solid:

$ npx solid start

Create basic structure for user data (LDP container)

How to get set up with an LDP container?

Browse to https://localhost:8443/. Ignore/override security warnings. I'm using Brave browser without plugins.

Click on "Register". Fill in details, click "register".

"Public homepage" is displayed.

Click on "WebID" link (https://localhost:8443/profile/card#me). Page with name is displayed, but none of the data entered at registration. Tried "back" button, but nothing happens.

Browse to https://localhost:8443/, "Public homepage" is displayed again.

Click "Login". Enter username and password from registration. Click "Log in". Popup displays "Logged in", and home page button changes to "Log out".

Click on WebID link again, error is displayed:

Outline.expand: Unable to fetch <https://localhost:8443/profile/card>: Failed to load  <https://localhost:8443/profile/card> Fetcher: <https://localhost:8443/profile/card> Internal Server Error status: 500

At this point, console log looks like this:

nerthus:solid graham$ npx solid start
Solid server () running on https://localhost:8443/
Press <ctrl>+c to stop
  solid:get / on localhost +0ms
  solid:get / on localhost +2m
  solid:get /profile/card on localhost +35s
  solid:get    sending data browser file: /Users/graham/solid/node_modules/solid-server/static/databrowser.html +0ms
  solid:get /profile/card on localhost +335ms
  solid:get / on localhost +1m
  solid:get / on localhost +1m
  solid:get /profile/card on localhost +58s
  solid:get    sending data browser file: /Users/graham/solid/node_modules/solid-server/static/databrowser.html +1ms
gklyne commented 5 years ago

File: $SOLID_ROOT/config.json

{
  "root": "/Users/graham/solid/data",
  "port": "8443",
  "serverUri": "https://localhost:8443",
  "webid": true,
  "mount": "/",
  "configPath": "./config",
  "configFile": "./config.json",
  "dbPath": "./.db",
  "sslKey": "../solid-certs/localhost.key",
  "sslCert": "../solid-certs/localhost.crt",
  "multiuser": false,
  "server": {
    "name": "localhost",
    "description": "",
    "logo": ""
  }
}
gklyne commented 5 years ago

If I content negotiate the webId URL (minus fragment) for text/turtle, no error happens:

$ curl -vk -H "accept: text/turtle" https://localhost:8443/profile/card
*   Trying ::1...
* Connected to localhost (::1) port 8443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: localhost
> GET /profile/card HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.43.0
> accept: text/turtle
>
< HTTP/1.1 200 OK
< X-Powered-By: solid-server
< Vary: Accept, Authorization, Origin
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate
< Allow: OPTIONS, HEAD, GET, PATCH, POST, PUT, DELETE
< Link: <card.acl>; rel="acl", <card.meta>; rel="describedBy", <http://www.w3.org/ns/ldp#Resource>; rel="type"
< WAC-Allow: user="read",public="read"
< MS-Author-Via: SPARQL
< Updates-Via: wss://localhost:8443
< Content-Type: text/turtle
< Date: Fri, 08 Feb 2019 12:10:48 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
<
@prefix solid: <http://www.w3.org/ns/solid/terms#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@prefix pim: <http://www.w3.org/ns/pim/space#>.
@prefix schema: <http://schema.org/>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.

<>
    a foaf:PersonalProfileDocument ;
    foaf:maker <https://localhost:8443/profile/card#me> ;
    foaf:primaryTopic <https://localhost:8443/profile/card#me> .

<https://localhost:8443/profile/card#me>
    a foaf:Person ;
    a schema:Person ;

    foaf:name "Graham Klyne" ;

    solid:account </> ;  # link to the account uri
    pim:storage </> ;    # root storage

    ldp:inbox </inbox/> ;

    pim:preferencesFile </settings/prefs.ttl> ;  # private settings/preferences
    solid:publicTypeIndex </settings/publicTypeIndex.ttl> ;
    solid:privateTypeIndex </settings/privateTypeIndex.ttl> .
* Connection #0 to host localhost left intact
kjetilk commented 5 years ago

Thank you for a very thorough report!

Just one thing that might help, could you please add more debugging when starting the server, e.g.:

DEBUG=solid:* npx solid start

(actually, I hadn't heard of npx, so I haven't tested the above line, but I think it would work)

gklyne commented 5 years ago

The problem appears to be triggered by the "authorization" header:

$ curl -vk -H "accept: text/html" -H "authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiIwODMyMWZkYjk4MmM4MTI4YzhkMGQwMjBhMWUwNThlNSIsImF1ZCI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJleHAiOjE1NDk2MzE3OTgsImlhdCI6MTU0OTYyODE5OCwiaWRfdG9rZW4iOiJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2SWs1SFlUaGlUSFU0YkVsbkluMC5leUpwYzNNaU9pSm9kSFJ3Y3pvdkwyeHZZMkZzYUc5emREbzRORFF6SWl3aWMzVmlJam9pYUhSMGNITTZMeTlzYjJOaGJHaHZjM1E2T0RRME15OXdjbTltYVd4bEwyTmhjbVFqYldVaUxDSmhkV1FpT2lJd09ETXlNV1prWWprNE1tTTRNVEk0WXpoa01HUXdNakJoTVdVd05UaGxOU0lzSW1WNGNDSTZNVFUxTURjM05qUXdOQ3dpYVdGMElqb3hOVFE1TlRZMk9EQTBMQ0pxZEdraU9pSXlZV0kxTUdJNU5UVXdZek13WTJRMElpd2libTl1WTJVaU9pSlpRemhPVlVrMFNFOUdVVEk0Y21oRlMyTndiMmxCY0VkeE1HWm5XbGMxWkZCNlRrVklWVE5LVTBvd0lpd2lZWHB3SWpvaU1EZ3pNakZtWkdJNU9ESmpPREV5T0dNNFpEQmtNREl3WVRGbE1EVTRaVFVpTENKamJtWWlPbnNpYW5kcklqcDdJbUZzWnlJNklsSlRNalUySWl3aVpTSTZJa0ZSUVVJaUxDSmxlSFFpT25SeWRXVXNJbXRsZVY5dmNITWlPbHNpZG1WeWFXWjVJbDBzSW10MGVTSTZJbEpUUVNJc0ltNGlPaUo1T1Radk5sQlVRbFJsYmtKdWFFNVllbFpNT1VOeFdURXhWVWt4TlU1S09YUjFjVXhMVmxkU09FZzBhVkJLVTFVMlMyZ3hkMGg2ZURSSk9YcG9TREZSWVZOeGVGSjJlVXBVUlZkMU9VTkJiVkl4VUZKWmVEVnBUalZWZVRoWlJ6WmFlRFprYkU1dFEzazFTRlJvUTFSVVExVlpjbmhOVjNaUlZEQm1jVFl5UVZOTWJWbFZWM0ZpWjJnNGVreElWR2hHTm1sR05VRlFlVXRhWWkxSlpUTTFORU13ZGsxUVdEbDBTMnBtTlVSMFkxZFZSVU5RT1doVUxYVmlUemxmUWs5NkxUZElUMUo1T0VOZmVXZGpla0YyZFMxclgyaHhPVEZsVkZGdFEyaG9ZbkkxWmtab09EWkxRVTl1ZDJRNVVrUk9hRVJuT0ZoTmVIbHdRa3h2VEZSa1IxTktXbXczVFdkd1JrRnNVVTUwY2twbVYwSmZlbmR3VUdrMFNucHFZemd6V2pCc0xWQnljV2t0UjJkUE5IVjFURGxyZHkwM2VVdFdWRzFITVcxTlRUaHdjMnBZTjJsdU1qZHBTblV6WW1kNE1XVktMVkVpZlgwc0ltRjBYMmhoYzJnaU9pSm9lazB5VDB4bldGOWFSVFJsY1ZRNE4wRmZPRkJSSW4wLlZxNllycGlzWng1U1FBRFk3SHk1d1BYbExyMVpaSTF5OG1lN1FvSDQ4MkxxaTE5a2dWeGl1SEhkUm5GWDNpYkpkQk1YM1Q5SzYwZVRRbFpBWmdIcVJwMnF1aWdYN3F3dDNXbnFSUWlHNThLU0Zxc0l6VkdILWd1dnVySnBfSVBQekVVYmVfN25JUjNjRTZkYkVxTWpHM1lrWDNyalV5d2d5MHRtbnNFaURnQXhjUjUtOHhiaUpad1NUMXotYVRxWDI3RFlIaEY1Y0pNU3NmVUhkNzZFSkl1bHo3dVh0VkZrbV9ERmxCS3JIaDQ1c3g0ZjV2T2NKN2phOGw0MWhOVVl2SUtNWGEzaldMT3poMVdWWVRLM1hKQ0dPTTEwS1lJbGJZSEJTWjVHNjJRYnFDckUyc0RsNHlwV2VzVVgzY19ka1Nuc1VRRFhtdjU3MjJWbEpjVEtCZyIsInRva2VuX3R5cGUiOiJwb3AifQ.gDuqSMwBk8etxHTMkftFH6hZXWKto1ZaMolkQBsqu2OAt6XwQIHSPTijtNDGu9BQJSITDuSFHED5RpXW7tTqeoazdwp1XhuiSByera-pPnc2ngFwF6NiVZuQn0DD_SwfBkZTACJn0lmNY9E5VZkD_ShMSPe0BakEacRgFhKLJ3X-bfMDL-P9bn78xmitaK1ZZOHeXkUxtGyxKAezpYOhR1rr8qJ5IcISfcJzsciVisydUfsO6uf0xj7k1ISP4SV4jU8xlEjPf-u9FqYxVastJU9KRIg_jYoez8e6xXWdEPrBlS0V3v8yM9cWWPQfLW8uaT2chhNBF7IJSsy8dFwwdA" https://localhost:8443/profile/card
*   Trying ::1...
* Connected to localhost (::1) port 8443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: localhost
> GET /profile/card HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.43.0
> accept: text/html
> authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiIwODMyMWZkYjk4MmM4MTI4YzhkMGQwMjBhMWUwNThlNSIsImF1ZCI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJleHAiOjE1NDk2MzE3OTgsImlhdCI6MTU0OTYyODE5OCwiaWRfdG9rZW4iOiJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2SWs1SFlUaGlUSFU0YkVsbkluMC5leUpwYzNNaU9pSm9kSFJ3Y3pvdkwyeHZZMkZzYUc5emREbzRORFF6SWl3aWMzVmlJam9pYUhSMGNITTZMeTlzYjJOaGJHaHZjM1E2T0RRME15OXdjbTltYVd4bEwyTmhjbVFqYldVaUxDSmhkV1FpT2lJd09ETXlNV1prWWprNE1tTTRNVEk0WXpoa01HUXdNakJoTVdVd05UaGxOU0lzSW1WNGNDSTZNVFUxTURjM05qUXdOQ3dpYVdGMElqb3hOVFE1TlRZMk9EQTBMQ0pxZEdraU9pSXlZV0kxTUdJNU5UVXdZek13WTJRMElpd2libTl1WTJVaU9pSlpRemhPVlVrMFNFOUdVVEk0Y21oRlMyTndiMmxCY0VkeE1HWm5XbGMxWkZCNlRrVklWVE5LVTBvd0lpd2lZWHB3SWpvaU1EZ3pNakZtWkdJNU9ESmpPREV5T0dNNFpEQmtNREl3WVRGbE1EVTRaVFVpTENKamJtWWlPbnNpYW5kcklqcDdJbUZzWnlJNklsSlRNalUySWl3aVpTSTZJa0ZSUVVJaUxDSmxlSFFpT25SeWRXVXNJbXRsZVY5dmNITWlPbHNpZG1WeWFXWjVJbDBzSW10MGVTSTZJbEpUUVNJc0ltNGlPaUo1T1Radk5sQlVRbFJsYmtKdWFFNVllbFpNT1VOeFdURXhWVWt4TlU1S09YUjFjVXhMVmxkU09FZzBhVkJLVTFVMlMyZ3hkMGg2ZURSSk9YcG9TREZSWVZOeGVGSjJlVXBVUlZkMU9VTkJiVkl4VUZKWmVEVnBUalZWZVRoWlJ6WmFlRFprYkU1dFEzazFTRlJvUTFSVVExVlpjbmhOVjNaUlZEQm1jVFl5UVZOTWJWbFZWM0ZpWjJnNGVreElWR2hHTm1sR05VRlFlVXRhWWkxSlpUTTFORU13ZGsxUVdEbDBTMnBtTlVSMFkxZFZSVU5RT1doVUxYVmlUemxmUWs5NkxUZElUMUo1T0VOZmVXZGpla0YyZFMxclgyaHhPVEZsVkZGdFEyaG9ZbkkxWmtab09EWkxRVTl1ZDJRNVVrUk9hRVJuT0ZoTmVIbHdRa3h2VEZSa1IxTktXbXczVFdkd1JrRnNVVTUwY2twbVYwSmZlbmR3VUdrMFNucHFZemd6V2pCc0xWQnljV2t0UjJkUE5IVjFURGxyZHkwM2VVdFdWRzFITVcxTlRUaHdjMnBZTjJsdU1qZHBTblV6WW1kNE1XVktMVkVpZlgwc0ltRjBYMmhoYzJnaU9pSm9lazB5VDB4bldGOWFSVFJsY1ZRNE4wRmZPRkJSSW4wLlZxNllycGlzWng1U1FBRFk3SHk1d1BYbExyMVpaSTF5OG1lN1FvSDQ4MkxxaTE5a2dWeGl1SEhkUm5GWDNpYkpkQk1YM1Q5SzYwZVRRbFpBWmdIcVJwMnF1aWdYN3F3dDNXbnFSUWlHNThLU0Zxc0l6VkdILWd1dnVySnBfSVBQekVVYmVfN25JUjNjRTZkYkVxTWpHM1lrWDNyalV5d2d5MHRtbnNFaURnQXhjUjUtOHhiaUpad1NUMXotYVRxWDI3RFlIaEY1Y0pNU3NmVUhkNzZFSkl1bHo3dVh0VkZrbV9ERmxCS3JIaDQ1c3g0ZjV2T2NKN2phOGw0MWhOVVl2SUtNWGEzaldMT3poMVdWWVRLM1hKQ0dPTTEwS1lJbGJZSEJTWjVHNjJRYnFDckUyc0RsNHlwV2VzVVgzY19ka1Nuc1VRRFhtdjU3MjJWbEpjVEtCZyIsInRva2VuX3R5cGUiOiJwb3AifQ.gDuqSMwBk8etxHTMkftFH6hZXWKto1ZaMolkQBsqu2OAt6XwQIHSPTijtNDGu9BQJSITDuSFHED5RpXW7tTqeoazdwp1XhuiSByera-pPnc2ngFwF6NiVZuQn0DD_SwfBkZTACJn0lmNY9E5VZkD_ShMSPe0BakEacRgFhKLJ3X-bfMDL-P9bn78xmitaK1ZZOHeXkUxtGyxKAezpYOhR1rr8qJ5IcISfcJzsciVisydUfsO6uf0xj7k1ISP4SV4jU8xlEjPf-u9FqYxVastJU9KRIg_jYoez8e6xXWdEPrBlS0V3v8yM9cWWPQfLW8uaT2chhNBF7IJSsy8dFwwdA
>
< HTTP/1.1 500 Internal Server Error
< X-Powered-By: solid-server
< Vary: Accept, Authorization, Origin
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate
< Allow: OPTIONS, HEAD, GET, PATCH, POST, PUT, DELETE
< Content-Type: text/plain; charset=utf-8
< Content-Length: 122
< ETag: W/"7a-72gcDOmD3i20MzjjccyAwm9PzK8"
< Date: Fri, 08 Feb 2019 12:22:25 GMT
< Connection: keep-alive
<
request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate
* Connection #0 to host localhost left intact
gklyne commented 5 years ago

That's the incantation I was looking for!

Here's the server log from startup to accessing the WebID URL:

nerthus:solid graham$ DEBUG=solid:* npx solid start
  solid:settings Server URI: https://localhost:8443 +0ms
  solid:settings Auth method: oidc +1ms
  solid:settings Strict origins: true +0ms
  solid:settings Allowed origins: https://apps.solid.invalid +0ms
  solid:settings Db path: ./.db +0ms
  solid:settings Config path: ./config +0ms
  solid:settings Suffix Acl: .acl +0ms
  solid:settings Suffix Meta: .meta +0ms
  solid:settings Filesystem Root: /Users/graham/solid/data +1ms
  solid:settings Allow WebID authentication: true +0ms
  solid:settings Live-updates: true +0ms
  solid:settings Multi-user: false +0ms
  solid:settings Suppress default data browser app: undefined +0ms
  solid:settings Default data browser app file path: default +0ms
  solid:settings Base URL (--mount): / +10ms
  solid:settings SSL Private Key path: ../solid-certs/localhost.key +0ms
  solid:settings SSL Certificate path: ../solid-certs/localhost.crt +0ms
Solid server () running on https://localhost:8443/
Press <ctrl>+c to stop
  solid:authentication Provider keys loaded from config +18ms
  solid:authentication Provider keychain initialized +173ms
  solid:authentication Not sleeping before client registration... +3ms
  solid:authentication Client not present for issuer https://localhost:8443, initializing new client +3ms
  solid:authentication Registering new client for issuer  https://localhost:8443 +0ms
  solid:authentication Error registering a new client:  { FetchError: request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (/Users/graham/solid/node_modules/node-fetch/lib/index.js:1444:11)
    at ClientRequest.emit (events.js:189:13)
    at TLSSocket.socketErrorListener (_http_client.js:392:9)
    at TLSSocket.emit (events.js:189:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
  message:
   'request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate',
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } +65ms
  solid:authentication Error initializing local RP client:  { FetchError: request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (/Users/graham/solid/node_modules/node-fetch/lib/index.js:1444:11)
    at ClientRequest.emit (events.js:189:13)
    at TLSSocket.socketErrorListener (_http_client.js:392:9)
    at TLSSocket.emit (events.js:189:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
  message:
   'request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate',
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } +2ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +20s
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +2ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +1ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +1ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Read> +1ms
  solid:ACL   Mode required and allowed:<http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +0ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +1ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +0ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +2ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +1ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +0ms
  solid:ACL Using ACL https://localhost:8443/profile/.acl for ./card +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +0ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +1ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL   Mode required and allowed:<http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +1ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +0ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +1ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Write> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Write> Denying with User Unauthorized +1ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +0ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +0ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +2ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Append> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Append> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +1ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +0ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Control> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Control> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +1ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +0ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Write> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Write> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +0ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +1ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Append> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Append> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/profile/card> by null and origin null +0ms
  solid:ACL    2  default authentications about <https://localhost:8443/profile/> in <https://localhost:8443/profile/.acl> +1ms
  solid:ACL    Checking auth <https://localhost:8443/profile/.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Control> +1ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Control> Denying with User Unauthorized +0ms
  solid:ACL Permissions on https://localhost:8443/profile/card for (none): read +0ms
  solid:ACL Permissions on https://localhost:8443/profile/card for public: read +0ms
  solid:get /profile/card on localhost +4ms
  solid:handlers GET -- Reading /Users/graham/solid/data/profile/card$.ttl +3ms
  solid:get    sending data browser file: /Users/graham/solid/node_modules/solid-server/static/databrowser.html +1ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +1s
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +1ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +1ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL   Mode required and allowed:<http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +0ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +0ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +0ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +0ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +2ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +1ms
  solid:ACL Using ACL https://localhost:8443/favicon.ico.acl for ./favicon.ico +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +1ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +1ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL   Mode required and allowed:<http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +0ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +1ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Write> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Write> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +0ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +1ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Append> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Append> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +1ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Control> +1ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Control> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +0ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +1ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Write> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Write> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +0ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +0ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +1ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Append> +0ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Append> Denying with User Unauthorized +0ms
  solid:ACL accessDenied: checking access to <https://localhost:8443/favicon.ico> by null and origin null +0ms
  solid:ACL    2 direct authentications about <https://localhost:8443/favicon.ico> +0ms
  solid:ACL    Checking auth <https://localhost:8443/favicon.ico.acl#owner> with agent null +1ms
  solid:ACL     Agent or group: Fail: not public and not logged on. +0ms
  solid:ACL      The agent/group check fails +0ms
  solid:ACL       Check failed: User Unauthorized +0ms
  solid:ACL     Agent or group: Ok, its public. +0ms
  solid:ACL       Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +0ms
  solid:ACL accessDenied: modeURIorReasons: ["User Unauthorized","http://www.w3.org/ns/auth/acl#Read"] +0ms
  solid:ACL  checking <http://www.w3.org/ns/auth/acl#Control> +1ms
  solid:ACL   MODE REQUIRED NOT ALLOWED: <http://www.w3.org/ns/auth/acl#Control> Denying with User Unauthorized +0ms
  solid:ACL Permissions on https://localhost:8443/favicon.ico for (none): read +0ms
  solid:ACL Permissions on https://localhost:8443/favicon.ico for public: read +0ms
  solid:get /favicon.ico on localhost +1ms
  solid:handlers GET -- Reading /Users/graham/solid/data/favicon.ico +1ms
  solid:server Error page because of: { FetchError: request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (/Users/graham/solid/node_modules/node-fetch/lib/index.js:1444:11)
    at ClientRequest.emit (events.js:189:13)
    at TLSSocket.socketErrorListener (_http_client.js:392:9)
    at TLSSocket.emit (events.js:189:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
  message:
   'request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate',
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } +98ms
kjetilk commented 5 years ago

OK, good! I don't know what it means, but perhaps @dmitrizagidulin has an idea?

gklyne commented 5 years ago

I'd hazard a guess it could be to do with using a self-signed cert?

kjetilk commented 5 years ago

Yeah, it seems like it, but I do that too, so there has to be something more subtle...

rimmartin commented 5 years ago

with self cert you need to launch with solid-test start

kjetilk commented 5 years ago

with self cert you need to launch with solid-test start

Right, I would have expected an error to be thrown earlier if that was the reason though.

Actually, I ended up setting NODE_TLS_REJECT_UNAUTHORIZED=0 in my .bashrc on my dev box.

rimmartin commented 5 years ago

there is also a switch it sets --no-reject-unauthorized I don't know if this is redundant

rimmartin commented 5 years ago

Also more interesting testing if you clone the release/v5.0.0 branch

/home/roger/Software/git-1.8.5.2/dist/bin/git clone -b release/v5.0.0 https://github.com/solid/node-solid-server.git node-solid-server
rimmartin commented 5 years ago

If you clear your nss folder and start with a new clone be aware in your browser pages the solid-auth-client stores stuff in local storage for certain pages and your app

Clear these with browser dev tools from the Storage tab

gklyne commented 5 years ago

@rimmartin Thanks. That seems to have solved a different problem (which I'm about to log). (I assumed local storage would be zapped when I cleared browser history, but it appears not.)

gklyne commented 5 years ago

Now, using the same setup as before, I do seem to be able to access the WebID data while logged in. I'm not aware of anything that's changed other than clearing out browser storage values.

gklyne commented 5 years ago

Well, that seems to be the problem. Something got messed up with browser storage values. I don't know what. I've managed to clear storage for the site in two different browsers now (Firefox and Brave) and now I can access the WebID as expected in both browsers.

This also seems to fix a related problem that I was having: after logging out I could not log in again, and just got a popup displaying "Unauthorized" after selecting "https://localhost:8443/" as the IDP.

I would claim that this is still a bug, because I don't think the server should get itself into such a muddle because something is wrong in the browser's site storage. (What breaks if any attempt to logout, or any access while logged out, flushes out all stored data for the site?)

rimmartin commented 5 years ago

@gklyne yep I agree, the life cycle needs some work. I would like to see the https://github.com/solid/webid-oidc-spec sharply delineated and end-to-end tested. We should be able to stick it into koa, egg or sails or any other more enterprising framework we like.

And it definitely needs to become transparent to the wider non-developer user

jaxoncreed commented 5 years ago

I'm closing this due to inactivity

gklyne commented 5 years ago

I'm wondering what is the rationale for closing due to inactivity, given that (I understand) there is an acknowledged problem in this area.

Also, I'm not aware of any response to my earlier question:

I would claim that this is still a bug, because I don't think the server should get itself into such a muddle because something is wrong in the browser's site storage. (What breaks if any attempt to logout, or any access while logged out, flushes out all stored data for the site?)

Would flushing the stored data be hard to do?

linonetwo commented 4 years ago

Hi, when starting test server

solid:authentication Error registering a new client: { FetchError: request to https://localhost:8443/.well-known/openid-configuration failed, reason: unable to verify the first certificate

can be solved by adding following CA related code to the top of node_modules/solid-server/lib/create-app.js

// Get full chain CA and local CA added by mkcert, so secure TLS can be established
const rootCAs = require('ssl-root-cas/latest').create();
rootCAs.addFile(process.env.MKCERT_PATH);
require('https').globalAgent.options.ca = rootCAs;

with

DEBUG=solid:* MKCERT_PATH=\"$(mkcert -CAROOT)/rootCA.pem\" solid start # --root $(pwd)/data --data-browser-path $(pwd)/../node_modules/mashlib/dist/databrowser.html --config-file $(pwd)/../config.solid.example.json

if you are using CA generated by mkcert

linonetwo commented 4 years ago

https://github.com/solid/node-solid-server/issues/1383 seems related?

linonetwo commented 4 years ago

Maybe we can close this, it is fixed by https://github.com/solid/node-solid-server/pull/1388 and https://github.com/solid/node-solid-server/issues/1389

gklyne commented 4 years ago

If it's fixed, that's great, and yes do close it. (I don't have a setup for repeat testing - the nature of the problem I encountered makes it difficult to test.)

Looking back through the log, I see my earlier comment:

I would claim that this is still a bug, because I don't think the server should get itself into such a muddle because something is wrong in the browser's site storage. (What breaks if any attempt to logout, or any access while logged out, flushes out all stored data for the site?)

It's not obvious to me on a cursory look that those fix problems with messed-up browser site storage. But if they do, or if you think it's not a problem, I'm happy to see this closed.

linonetwo commented 4 years ago

Oh, seems not. I didn't touch anything related to browser storage.

But without a reproducible example, your issue will be difficult to track. I always keep a git branch to track the place I encounter the bug.