Error accessing dashboard #2252
Thanks for the report @dbr. I'm not able to replicate this on my machine in production or staging right now. Can you capture the JSON response data through the browser tools for the The only obvious way I see for that endpoint to generate a 403 response is when an invalid
Strange - while I was looking at the JSON responses, this seems to have corrected itself. From https://crates.io/api/v1/crates?following=1 I was getting this response with an error 403:
At the same time https://crates.io/api/v1/me was giving the expected response of
Then, for no obvious reason, reloading the problematic crates URL then started giving a valid response of
Maybe related, I did notice that while clicking on some other links ("Other Invites" etc) earlier I did become logged out, but, only sometimes. However, all seems to be working okay again for me - could be closed unless you think it's worth investigating any further. Thanks! :D
Thanks for the follow up info. The 403 is definitely related to some auth issue. (I grepped for the wrong thing earlier.) We should definitely leave this open, I'm seeing other requests in the logs matching @locks and @Turbo87 do you think it's possible a request is being made somewhere before the login completes? I'm not ruling out the backend either, and will look into adding more logging data here.
Our current auth code is unfortunately a bit hard to follow so I can't rule out the possibility of a race condition somewhere. I haven't noticed any such issues myself yet, but if the request fails like that for @dbr then it seems quite likely that that is the problem. I do have a few refactorings for the auth code in mind already anyway, so hopefully those would fix this issue too 😅
My first thought was a browser or plugin issue, but I looked at the user agents in the logs for the
Add some error chaining to log more on auth failure cc #2252 r? @pietroalbini
…r=carols10cents

Serve more static files from nginx

Serve more folders containing files with hashed filenames directly from nginx with a max expiration date. Additionally, some unhashed static files are allowed to be cached for up to 1 day.

These changes serve as a workaround for an authentication issue. Currently `conduit-cookie` includes a `Set-Cookie` header in every backend response. During the authentication steps, the popup window requests static assets such as `favicon.ico` and `cargo-{hash}.png`. If these assets are served by the backend, they will echo whatever cookie was sent in the request. Therefore, there is a race between the request to `/api/private/session/authorize?...` and requests for these static assets. If a request for one of these assets is sent before authorization is complete and the response arrives after successful authorization, then the stale cookie will be stored again by the browser, overwriting the contents.

I've opened conduit-rust/conduit-cookie#12 to track the progress of the proposed long-term solution. This commit should be sufficient to fix the behavior for now and should reduce the number of requests for these static assets (due to improved caching).

Closes #2252

r? @carols10cents
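The race described in the commit message above, modelled as an added example (not code from crates.io or conduit-cookie): it applies responses to a one-value cookie jar in arrival order and compares an asset served by a cookie-echoing backend with one served by a static server that sends no `Set-Cookie`. The cookie values, the `Handler` type and the function names are assumptions made for the model.

```rust
// Constructed model: cookie values and the asset path are illustrative only.
type Handler = fn(&str, &str) -> Option<String>; // returns the Set-Cookie value, if any

/// Backend that puts a Set-Cookie on every response: the authorize endpoint
/// issues the logged-in session, every other path echoes the request cookie.
fn backend(path: &str, request_cookie: &str) -> Option<String> {
    if path.starts_with("/api/private/session/authorize") {
        Some("session=user42".to_string()) // constructed logged-in value
    } else {
        Some(request_cookie.to_string()) // echo whatever the browser sent
    }
}

/// Static file server (nginx in the workaround): responses carry no Set-Cookie.
fn static_server(_path: &str, _request_cookie: &str) -> Option<String> {
    None
}

/// Browser side: both requests leave with the pre-login cookie; responses are
/// applied in arrival order and a later Set-Cookie overwrites the stored value.
fn final_cookie(asset_handler: Handler, asset_arrives_last: bool) -> String {
    let mut jar = "session=anonymous".to_string();
    let asset = asset_handler("/favicon.ico", &jar);
    let auth = backend("/api/private/session/authorize", &jar);
    let arrivals = if asset_arrives_last { [auth, asset] } else { [asset, auth] };
    for set_cookie in arrivals {
        if let Some(value) = set_cookie {
            jar = value;
        }
    }
    jar
}

fn main() {
    let cases = [("asset from backend", backend as Handler), ("asset from nginx", static_server as Handler)];
    for (name, handler) in cases {
        for asset_arrives_last in [false, true] {
            let cookie = final_cookie(handler, asset_arrives_last);
            println!("{}, asset response last = {}: {}", name, asset_arrives_last, cookie);
        }
    }
}
```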
I logged in, and tried to click on Dashboard link under my username. It directs to
https://crates.io/me
and gives the following error. Same happens with "Owner Invites" page in same menu, but Account Settings works.