419 Page Expired on Android Phone

Open logicalasia opened this issue 2 years ago • 6 comments

Attempted Debugging

  • [X] I have read the debugging page

Searched GitHub Issues

  • [X] I have searched GitHub for the issue.

Describe the Scenario

When I log in via Android Chrome with a saved password, it points to the 419 Page Expired page. It works fine in a computer browser.

If I log in with a Chrome saved password, it shows me 419 Page Expired. If I click the back button, it brings me to the default BookStack homepage (after login), which is the correct result. If I type the username and password manually every time I log in (in Android Chrome), it brings me to the default BookStack homepage, which is the correct result.

I tried clearing Google saved passwords, cache and cookies, and logging in again; the same result happens.

I am using http://

Exact BookStack Version

BookStack v23.10.1

Log Content

No response

Hosting Environment

Installed in Synology Container

logicalasia avatar Dec 03 '23 08:12 logicalasia

Hi @logicalasia, If you specifically open the login page, reload the page (using the browser refresh button) then auto-fill login, does the login work okay or is it the same result?

ssddanbrown avatar Dec 04 '23 23:12 ssddanbrown

> Hi @logicalasia, If you specifically open the login page, reload the page (using the browser refresh button) then auto-fill login, does the login work okay or is it the same result?

Same error. I tested in Chrome normal and Incognito mode.

logicalasia avatar Dec 05 '23 00:12 logicalasia

Okay, and is this reproducible on our demo site?

ssddanbrown avatar Dec 05 '23 00:12 ssddanbrown

Yes, after a few tries, some errors happen. I am sharing the screen recording with you. The errors happen when I use "Google saved password" to log in, and it works fine if I key in the username and password manually.

https://github.com/BookStackApp/BookStack/assets/84135001/b1b0cb87-e4a1-4f65-956f-f79532ee0839

logicalasia avatar Dec 06 '23 14:12 logicalasia

Thanks for checking, and for the clear video demo. It's strange, like it's maybe pre-filling the XSRF token.

I'll look to do some testing on my side to see if I can replicate also, and if so debug to see what's going on.

ssddanbrown avatar Dec 06 '23 14:12 ssddanbrown

We are also getting complaints from some users seeing the 419 error code. If the device time is off by a few minutes, could this result in a wrong XSRF token? The only thing I could find is https://trycatchdebug.net/news/1098027/fix-debug-419-in-laravel-google-callback

I see in the access log POST /oidc/login HTTP/1.1" 419 6628. But in Firefox I don't have a POST request going to /oidc/login. Somehow in Safari for this client it is generating that POST request and I could not find the reason.

jacac avatar Jan 31 '24 18:01 jacac
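
To check which browsers and endpoints the 419 responses cluster on, as the access-log observation above suggests, the log can be tallied by request path and browser family. This is an added example, not part of the thread or of BookStack's code; it assumes the web server writes the common "combined" log format, and the sample lines, addresses and the `/login` path are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format (assumed):
# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def browser_family(ua):
    """Coarse bucketing; Chrome is tested before Safari because its UA also contains 'Safari/'."""
    if "Firefox/" in ua:
        return "Firefox"
    if "Chrome/" in ua:
        return "Chrome (Android)" if "Android" in ua else "Chrome"
    if "Safari/" in ua:
        return "Safari"
    return "other"

def summarize_419(lines):
    """Count 419 responses per (method, path, browser family); unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("status") == "419":
            path = m.group("path").split("?", 1)[0]  # drop any query string
            counts[(m.group("method"), path, browser_family(m.group("ua")))] += 1
    return counts

# Constructed sample input (documentation IP ranges, made-up timestamps).
_SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15"
_CHROME_ANDROID = "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36"
_FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
SAMPLE_LOG = [
    f'192.0.2.10 - - [31/Jan/2024:18:01:02 +0000] "POST /oidc/login HTTP/1.1" 419 6628 "-" "{_SAFARI}"',
    f'192.0.2.10 - - [31/Jan/2024:18:03:40 +0000] "POST /oidc/login HTTP/1.1" 419 6628 "-" "{_SAFARI}"',
    f'198.51.100.7 - - [31/Jan/2024:18:04:11 +0000] "GET /login HTTP/1.1" 200 5120 "-" "{_FIREFOX}"',
    f'203.0.113.5 - - [31/Jan/2024:18:05:09 +0000] "POST /login HTTP/1.1" 419 6628 "-" "{_CHROME_ANDROID}"',
    f'203.0.113.5 - - [31/Jan/2024:18:06:30 +0000] "POST /login HTTP/1.1" 302 410 "-" "{_CHROME_ANDROID}"',
    "truncated or malformed line",
]

if __name__ == "__main__":
    for (method, path, family), n in summarize_419(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {method} {path}  {family}")
```
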