Login Problems #403
Comments
API_ENDPOINT: https://stats.XXX.de
CLIENT_ENDPOINT: https://api-stats.XXX.de/That seems to be the wrong way around doesn't it? Also, I'd recommend removing the |
yeah, i changed it thanks, but it still doesn't show up (also after removing cors). Console log is clear. And the container logs (server, client, db) are all clear (no errors only stdout) as well |
|
Did you change the values in both the Also, if the problem persists after checking both of the above: Please describe in detail what happens when you press the login button. To which URL are you redirected to? Is the browser console clear of errors? Does the network tab show any errors? |
Okay so i changed both values and i still get redirected to an empty page: But this time the link is different: (im on the train rn so might have to take a look at it tomorrow) |
|
Again, please submit all the information you have. What happens in what order when you press which button? Is that the full URL you are being redirected to? (It pretty much can't be; the backend displays "Hello !" on its |
On the login Site: server:
image: yooooomi/your_spotify_server
restart: always
container_name: spotify-server
ports:
- "8180:8080"
links:
- mongo
depends_on:
- mongo
environment:
API_ENDPOINT: https://api-stats.XXX.de/
CLIENT_ENDPOINT: https://stats.XXX.de/
SPOTIFY_PUBLIC: XXX
SPOTIFY_SECRET: XXX
CORS: i-want-a-security-vulnerability-and-want-to-allow-all-origins
mongo:
container_name: spotify-db
image: mongo:6
volumes:
- ./spotify_db:/data/db
web:
container_name: spotify-client
image: yooooomi/your_spotify_client
restart: always
ports:
- "3004:3000"
environment:
API_ENDPOINT: https://api-stats.XXX.de/Console error: When I press login it redirects to: So I guess something is wrong with my redirect? When I adjust the redirect manually it goes back to the same page. Container Logs: |
This is very weird, as the This also looks like something bad is happening on your reverse proxy level or some component that rewrites your paths. The In general, my best guess is that this issue is related to your reverse proxy or load balancer configuration. Please double-check it and tell us a little more about your proxy setup. |
curl -v https://api-stats.XXX.de/me
* Trying 116XXX:443...
* Connected to api-stats.XXXX.de (116.XXX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.XXX.de
* start date: May 19 05:24:35 2024 GMT
* expire date: Aug 17 05:24:34 2024 GMT
* subjectAltName: host "api-stats.XXX.de" matched cert's "*.XXX.de"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x560a9a0beeb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /me HTTP/2
> Host: api-stats.XXX.de
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301
< server: openresty
< date: Fri, 31 May 2024 07:43:28 GMT
< content-type: text/html
< content-length: 166
< location: https://api-stats.XXX.de/32:3004/me
< strict-transport-security: max-age=63072000; preload
< x-served-by: api-stats.XXX.de
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>openresty</center>
</body>
</html>
* Connection #0 to host api-stats.XXX.de left intact
I am using nginx-proxy-manager and Cloudflare as Proxy/CDN service |
|
Wait a second... I accidentally added my subnet in nginx 132.XXX.XXX.XXX/32 like this....... I'm going to try again I'm terribly sorry if this was the error |
|
Still get these errors: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api-stats.XXX.de/me. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
Object { stack: "ec@https://stats.XXX.de/static/js/main.e3d08b6e.js:2:402371\nHc</</u.onerror@https://stats.XXX.de/static/js/main.e3d08b6e.js:2:417263\n", message: "Network Error", name: "AxiosError", code: "ERR_NETWORK", config: {…}, request: XMLHttpRequest }
[thunk.ts:24:14](https://stats.XXX.de/static/js/services/redux/modules/user/thunk.ts)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api-stats.XXX.de/global/preferences. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
Object { stack: "ec@https://stats.XXX.de/static/js/main.e3d08b6e.js:2:402371\nHc</</u.onerror@https://stats.XXX.de/static/js/main.e3d08b6e.js:2:417263\n", message: "Network Error", name: "AxiosError", code: "ERR_NETWORK", config: {…}, request: XMLHttpRequest }
[thunk.ts:28:14](https://statsXXX.de/static/js/services/redux/modules/settings/thunk.ts)and when I click on login it redirects to: and then to: server:
image: yooooomi/your_spotify_server
restart: always
container_name: spotify-server
ports:
- "8180:8080"
links:
- mongo
depends_on:
- mongo
environment:
API_ENDPOINT: https://api-stats.XXX.de
CLIENT_ENDPOINT: https://stats.XXX.de
SPOTIFY_PUBLIC: XXX
SPOTIFY_SECRET: XXX
CORS: i-want-a-security-vulnerability-and-want-to-allow-all-origins
mongo: container_name: spotify-db
image: mongo:6
volumes:
- ./spotify_db:/data/db
web:
container_name: spotify-client
image: yooooomi/your_spotify_client
restart: always
ports:
- "3004:3000"
environment:
API_ENDPOINT: https://api-stats.XXX.de |
|
Your proxy configuration is most likely still broken. Do |
|
Okay guys i am terribly sorry im just a dumb ass.... Yes i have set the wrong port in my reverse proxy both hosts where proxying the same port... Omg I am so sorry for wasting your time That's what happens when you change ports 5 Times....... |
So I saw this project and wanted to try it out, but I can't seem to get further than running it, actually using it doesn't work.
And those are my redirect URIs:
This is the login page:
The text was updated successfully, but these errors were encountered: