Error accessing dashboard #2252
Comments
|
Thanks for the report @dbr. I'm not able to replicate this on my machine in production or staging right now. Can you capture the JSON response data through the browser tools for the The only obvious way I see for that endpoint to generate a 403 response is when an invalid |
|
Strange - while I was looking at the JSON responses, this seems to have corrected itself.. From https://crates.io/api/v1/crates?following=1 I was getting this response with an error 403: At the same time https://crates.io/api/v1/me was giving the expected response of Then, for no obvious reason, reloading the problematic crates URL then started giving a valid response of Maybe related, I did notice that while clicking on some other links ("Other Invites" etc) earlier I did become logged out, but, only sometimes. However, all seems to be working okay again for me - could be closed unless you think it's worth investigating any further. Thanks! :D |
|
Thanks for the follow up info. The 403 is definitely related to some auth issue. (I grepped for the wrong thing earlier.) We should definitely leave this open, I'm seeing other requests in the logs matching @locks and @Turbo87 do you think it's possible a request is being made somewhere before the login completes? I'm not ruling out the backend either, and will look into adding more logging data here. |
|
our current auth code is unfortunately a bit hard to follow so I can't rule out the possibility of a race condition somewhere. I haven't noticed any such issues myself yet, but if the request fails like that for @dbr then it seems quite likely that that is the problem. I do have a few refactorings for the auth code in mind already anyway, so hopefully those would fix this issue too 😅 |
|
My first thought was a browser or plugin issue, but I looked at the user agents in the logs for the |
Add some error chaining to log more on auth failure cc #2252 r? @pietroalbini
…r=carols10cents
Serve more static files from nginx
Serve more folders containing files with hashed filenames directly from
nginx with a max expiration date. Additionally, some unhashed static
files are allowed to be cached for up to 1 day.
These changes serve as a workaround for an authentication issue.
Currently `conduit-cookie` includes a `Set-Cookie` header in every
backend response. During the authentication steps, the popup window
requests static assets such as `favicon.ico` and `cargo-{hash}.png`.
If these assets are served by the backend, they will echo whatever
cookie was sent in the request. Therefore, there is a race between the
request to `/api/private/session/authorize?...` and requests for these
static assets. If a request for one of these assets is sent before
authorization is complete and the response arrives after successful
authorization, then the stale cookie will be stored again by the
browser, overwriting the contents.
I've opened conduit-rust/conduit-cookie#12 to track the progress of the
proposed long-term solution. This commit should be sufficient to fix
the behavior for now and should reduce the number of requests for these
static assets (due to improved caching).
Closes #2252
r? @carols10cents
I logged in, and tried to click on Dashboard link under my username. It directs to
https://crates.io/me
and gives the following error. Same happens with "Owner Invites" page in same menu, but Account Settings works
The text was updated successfully, but these errors were encountered: