search

vaadin / full-stack-starter

Public repository for Full Stack Starter issues
https://vaadin.com/start
1 stars 0 forks source link

Firefox: Login redirects to robots.txt / 404 #17

Closed knoobie closed 6 years ago

knoobie commented 6 years ago

Firefox (61+) sometimes (often first login after restarting the browser) redirects the user to /robots.txt instead of the storefront.

grafik

alvarezguille commented 6 years ago

@knoobie thanks for reporting this, I wasn't able to reproduce. And I'm starting to believe that maybe it's related to some Firefox add-on requesting robots.txt file. That could be verified by testing with disabled addons or maybe in private browsing mode.

Independent of reproducibility this behavior can be prevented by adding /robots.txt to the Spring Security bypass configuration. That is in SecurityConfiguration.java in the method public void configure(WebSecurity web) throws Exception { add the String "/robots.txt" to the web.ignoring().antMatchers args.

Something like:

        web.ignoring().antMatchers(
                // the robots exclusion standard
                "/robots.txt",

                // Vaadin Flow static resources
                "/VAADIN/**",

                // the standard favicon URI
                "/favicon.ico",
...

We will include this change in the starter after corresponding tests

knoobie commented 6 years ago

@alvarezguille thank you for looking at that! The only addon that is installed is wappalyzer.

I think you are right, the addon is used to crawl webpages.

alvarezguille commented 6 years ago

Wappalyzer seems to be the source of the request indeed https://github.com/AliasIO/Wappalyzer/blob/master/src/drivers/webextension/js/driver.js#L293-L342

I'll close the issue.