Plume/Plume
9
18
Fork 24
Code Issues 179 Pull requests 8 Releases 8 Wiki Activity

Follow redirection is broken #233

New issue
Closed
opened 2018-09-18 19:53:23 +00:00 by elegaanz · 5 comments
elegaanz commented 2018-09-18 19:53:23 +00:00 (Migrated from github.com)
Copy link

For some reason the URL you get redirect to after following someone is considered invalid by Rocket and it returns a 500 page…

The problematic redirection seems to be this one: https://github.com/Plume-org/Plume/blob/master/src/routes/user.rs#L138

Plume version: 0.2.0

For some reason the URL you get redirect to after following someone is considered invalid by Rocket and it returns a 500 page… The problematic redirection seems to be this one: https://github.com/Plume-org/Plume/blob/master/src/routes/user.rs#L138 Plume version: 0.2.0
trinity-1686a commented 2018-09-18 20:40:44 +00:00
Owner
Copy link

Oddly enough, I can't reproduce on my local instance, and trying on https://baptiste.gelez.xyz, I can't reproduce either. Any more information, specific commit id, public instance having this issue or something?

Oddly enough, I can't reproduce on my local instance, and trying on https://baptiste.gelez.xyz, I can't reproduce either. Any more information, specific commit id, public instance having this issue or something?
elegaanz commented 2018-09-18 20:46:21 +00:00 (Migrated from github.com)
Copy link

It happened to me when trying to follow someone through a link to the follow URL (i.e. /@/username/follow). I think there is a problem with links to Plume, because I can notice that when clicking your link to https://baptiste.gelez.xyz I'm not logged in, but if I go to any other page I am… Also when someone links a post it is often marked as not found, but then if you access this post through the instance homepage for instance it works fine… It is really weird…

It happened to me when trying to follow someone through a link to the follow URL (i.e. `/@/username/follow`). I think there is a problem with links to Plume, because I can notice that when clicking your link to https://baptiste.gelez.xyz I'm not logged in, but if I go to any other page I am… Also when someone links a post it is often marked as not found, but then if you access this post through the instance homepage for instance it works fine… It is really weird…
trinity-1686a commented 2018-09-19 05:40:21 +00:00
Owner
Copy link

The problem of being connected is not with links, the user_id cookie is marked samesite: Strict, so if we came from another site, the cookie is not sent by a browser honoring this feature (it's a csrf countermeasure that Rocket enable by default for secure cookies, but it won't protect some browsers which doesn't implement it and ignore the flag)

The problem of being connected is not with links, the user_id cookie is marked `samesite: Strict`, so if we came from another site, the cookie is not sent by a browser honoring this feature (it's a csrf countermeasure that Rocket enable by default for secure cookies, but it won't protect some browsers which doesn't implement it and ignore the flag)
trinity-1686a commented 2018-10-20 12:15:00 +00:00
Owner
Copy link

Is it still an issue? If yes, can you give me a step by step howto? I still can't reproduce it neither on my dev instance nor on a public one, even when trying with remote users. Is it possible it's linked to the particular browser you use to access Plume?

Is it still an issue? If yes, can you give me a step by step howto? I still can't reproduce it neither on my dev instance nor on a public one, even when trying with remote users. Is it possible it's linked to the particular browser you use to access Plume?
elegaanz commented 2018-10-20 12:35:05 +00:00 (Migrated from github.com)
Copy link

No it has been fixed I think. If we realize it's not, we will still be able to reopen this issue :D

No it has been fixed I think. If we realize it's not, we will still be able to reopen this issue :D
👍 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
1686a/resist-gone-sender
1686a/fast-fill
paginate-search-init
s3
fix-delete-user
timeline-cli
blog-title
signature
remove-dup-images
ldap-non-anon
drone-ci
DearRude/force-lang
igalic/go/async-all-mut
go/async
floreal/translations-update
missing-docs
RAOF/fix-arm64-build
epsilon-phase/authorized-fetch
upgrade
improve-the-editor-once-again
igalic/feat/custom-fairing-domains
feature/ldap
test/dotenv_error
fix-mobile-margin
0.7.2
0.7.1
0.7.0
0.6.0
0.5.0
0.4.0-alpha-4
0.3.0-alpha-2
0.2.0-alpha-1
Labels
Clear labels   
A: API

Related to the REST API

  
A: Backend

Code running on the server

  
A: Federation

Stuff related to Federation

  
A: Front-End

Related to the front-end

  
A: I18N

Translations, and related code

  
A: Meta

More about project management or code than the project itself

  
A: Security

   
Build

The building, or installation process of Plume

  
C: Bug

Something isn't working

  
C: Discussion

We need to talk

  
C: Enhancement

New feature or request

  
C: Feature

This is a new feature

  
Compatibility

Compatibility with different browsers, readers and OS

  
Dependency

Related to an external package that Plume uses

  
Design

UI/UX related issues and PRs

  
Documentation

   
Good first issue

Good for newcomers

  
Help welcome

Extra attention is needed

  
Mobile

Issues affecting only mobile UX

  
Rendering

How elements're rendered out for the end user

  
S: Blocked

Something else needs to be fixed first

  
S: Duplicate

This issue or pull request already exists

  
S: Incomplete

This PR is not complete yet

  
S: Instance specific

Issues concern a limited number of instances

  
S: Invalid

This doesn't seem right

  
S: Needs Voting/Discussion

Need to be discussed by the community (on Loomio)

  
S: Ready for review

This PR is ready to be reviewed

  
Suggestion

Proposed ideas worth considering

  
S: Voted on Loomio

This is issue has been created after a vote on Loomio

  
S: Wontfix

This will not be worked on

No labels
A: API
A: Backend
A: Federation
A: Front-End
A: I18N
A: Meta
A: Security
Build
C: Bug
C: Discussion
C: Enhancement
C: Feature
Compatibility
Dependency
Design
Documentation
Good first issue
Help welcome
Mobile
Rendering
S: Blocked
S: Duplicate
S: Incomplete
S: Instance specific
S: Invalid
S: Needs Voting/Discussion
S: Ready for review
Suggestion
S: Voted on Loomio
S: Wontfix
Milestone
Clear milestone
No items
No milestone
Alpha 2
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Plume/Plume#233
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?