addon-bookstack icon indicating copy to clipboard operation
addon-bookstack copied to clipboard

Published 20 hours ago verified publisher icon hassio-addons

Setup issue 419 Error

Open tortho opened this issue 2 years ago • 4 comments

Problem/Motivation

Unable to find the correct config to both be able to show the HA Dasboard card on a computer and edit pages on another instance with same config file.

Case 1 with config file:

certfile: fullchain.pem
envvars:
  - name: SESSION_COOKIE_NAME
    value: bookstack_session
keyfile: privkey.pem
ssl: false

Will give "419 Page Expired" on the computer displaying the HA webpage card. (When loging in) On HA all is workign well, can edit and save pages.

Case 2 with config file:

certfile: fullchain.pem
envvars:
  - name: SESSION_COOKIE_NAME
    value: bookstack_session
  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.212.46:8123
keyfile: privkey.pem
ssl: false

HA webpage card will work on the computer displying my dashboard and possible to browse the books. On HA it will allow logging in, navigating editing page etc, but when pressing save button on a page it will give "419 Page expired"

Steps to reproduce

Use configs as above

tortho avatar Feb 23 '23 14:02 tortho

On HA it will allow logging in, navigating editing page etc, but when pressing save button on a page it will give "419 Page expired"

That's a little strange to me, logging in should pretty much be the same kind of requests as saving a page. Note that setting ALLOWED_IFRAME_HOSTS does play with cookies, but cookies can be sticky causing strange scenarios.

I'd give things a test on a completely fresh browser (Or maybe private/incognito window) that's never accessed your instance before setting that option, just to test how it's working from fresh cookies being set.

ssddanbrown avatar Feb 23 '23 15:02 ssddanbrown

Tried with another browser and also in incognito mode. As long as these lines are in the config

  • name: ALLOWED_IFRAME_HOSTS value: http://192.168.212.46:8123

I get a 419 page expired, now also when trying to log in. Removing them then I can log in and edit the pages but not access on my kitchen screen, then when putting them back again I can view but not edit on the other instance..

tortho avatar Feb 26 '23 18:02 tortho

this works for me

envvars:
  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.0.19:8123
  - name: SESSION_SECURE_COOKIE
    value: "true"
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem

kozfelipe avatar Oct 30 '23 13:10 kozfelipe

I have the same issue as described by @tortho .

envvars:

  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.0.19:8123
  - name: SESSION_SECURE_COOKIE
    value: "true"
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem

This doesn't work for me. Same issue - always... Any ideas?

419Expired

j0kibalb0a avatar May 07 '24 11:05 j0kibalb0a