Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

second level domain bug #268

Closed
1 task done
ta1kun opened this issue Dec 30, 2023 · 17 comments
Closed
1 task done

second level domain bug #268

ta1kun opened this issue Dec 30, 2023 · 17 comments
Labels
setup Runtime environment or usage issue

Comments

@ta1kun
Copy link

ta1kun commented Dec 30, 2023

Version

5.0.2

Details & Steps to reproduce

hi, i dont know why the app accept only a first level sub domain.

i make an example:

2fauth.domain.com -> it works!
2fauth.nas.domain.com -> not works!

i tried every possibilities to let work the 2 example but no way. i m using docker with docker compose to run the app.

pls let me know how…

Expectation

it works with second level domain

Error & Logs

No response

Execution environment

No response

Containerization

  • Docker

Additional information

No response

@uniQuk
Copy link

uniQuk commented Dec 31, 2023

It can depend on who your cert provider is. Cloudflare SSL free only covers *.domain.com. If you want *.sub.domain.com you need to pay for Advanced SSL. You'll probably need to provide more details and configuration.

@ta1kun
Copy link
Author

ta1kun commented Jan 1, 2024

impossible. i use other services and it works with second level. only 2fauth not works and it shows a blanc page.

i m using haproxy on pfsense as reverse proxy.

@ta1kun
Copy link
Author

ta1kun commented Jan 2, 2024

Did u fix it?

@Bubka
Copy link
Owner

Bubka commented Jan 2, 2024

Hi,
Please press F12 to enter dev tools on your browser, activate the network tab then refresh the page. You should see lines in red. What is the status code for those lines? And what is their url? (right click any column header to enable the url column if necessary)

Also, how is configured the APP_URL env variable? it should be https://2fauth.nas.domain.com

FI, I can't reproduce on my local setup using nginx as a reverse proxy.

@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

the APP_URL is set has expected: https://2fa.nas.domain.cc

ON NETWORK TAB
image

ON CONSOLE TAB
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'attribution-reporting'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'run-ad-auction'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'join-ad-interest-group'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
login:34 Mixed Content: The page at 'https://2fa.nas.domain.cc/login' was loaded over HTTPS, but requested an insecure stylesheet 'http://2fa.nas.domain.cc/build/assets/app-4dde9cb0.css'. This request has been blocked; the content must be served over HTTPS.
login:34 Mixed Content: The page at 'https://2fa.nas.domain.cc/login' was loaded over HTTPS, but requested an insecure script 'http://2fa.nas.domain.cc/build/assets/app-7741c0f3.js'. This request has been blocked; the content must be served over HTTPS.
login:34 Mixed Content: The page at 'https://2fa.nas.domain.cc/login' was loaded over HTTPS, but requested an insecure stylesheet 'http://2fa.nas.domain.cc/build/assets/app-4dde9cb0.css'. This request has been blocked; the content must be served over HTTPS.
login:1 Mixed Content: The page at 'https://2fa.nas.domain.cc/login' was loaded over HTTPS, but requested an insecure manifest 'http://2fa.nas.domain.cc/manifest.json'. This request has been blocked; the content must be served over HTTPS.
login:1 Mixed Content: The page at 'https://2fa.nas.domain.cc/login' was loaded over HTTPS, but requested an insecure favicon 'http://2fa.nas.domain.cc/favicon.png'. This request has been blocked; the content must be served over HTTPS.
login:1 Mixed Content: The page at 'https://2fa.nas.domain.cc/login' was loaded over HTTPS, but requested an insecure favicon 'http://2fa.nas.domain.cc/favicon.ico'. This request has been blocked; the content must be served over HTTPS.

@Bubka
Copy link
Owner

Bubka commented Jan 3, 2024

There is https://2fa.nas.domain.cc/ in the console tab logs. If https://2fa.nas.domain.cc/ is the url used to access 2FAuth (probably your proxy url) then APP_URL have to be set with https://2fa.nas.domain.cc/ instead of https://2fauth.nas.domain.com/

@Bubka Bubka added the setup Runtime environment or usage issue label Jan 3, 2024
@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

yes man the real domain is https://2fa.nas.domain.cc/. https://2fauth.nas.domain.com/ was an example

what i mean the APP_URL is set as expected. the problem as u can see it try to load insecure data over http and not https

@Bubka
Copy link
Owner

Bubka commented Jan 3, 2024

oh yes, sorry, I missed the point.

  • Did you set ASSET_URL?

  • v5.0.1 contains a change that should have fixed this. Maybe it's only a cache issue now. Attach a terminal to /srv on your container and run the following:

    php artisan cache:clear
    php artisan view:clear

@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

yes finally!!! it was ASSET_URL but i didnt see this parameter

@Bubka
Copy link
Owner

Bubka commented Jan 3, 2024

Great 👍🏻
Can you explain what exactly was wrong?! ASSET_URL was set but with a mismatched value?

@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

no i didn't set the ASSET_URL cause i didn't see in the guide this parameter

@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

i found a new bug :(

all is working now in second level subdomain but i cant register webauth devices. when i click on register new devices it appear an error:

image

@uniQuk
Copy link

uniQuk commented Jan 3, 2024

Do you have Bitwarden extension? Try a browser/profile with no extensions, I get the same caused by Bitwarded reported here: #269

@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

yes perfect. it was bitwarden extension. but now another bug. it give me the possibility to scan the qrcode but when i try to save the device i get this error:

image

@Bubka
Copy link
Owner

Bubka commented Jan 3, 2024

it give me the possibility to scan the qrcode but when i try to save the device i get this error

I don't understand what you wrote, scanning a qrcode is not part of the webauthn registration process!?

@ta1kun
Copy link
Author

ta1kun commented Jan 3, 2024

sorry for my english. i mean after i scan the qrcode and open the link i get the error

@Bubka
Copy link
Owner

Bubka commented Mar 22, 2024

Initial problem is solved so I close the issue. Please open a new issue if any problem remains.

@Bubka Bubka closed this as completed Mar 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
setup Runtime environment or usage issue
Projects
None yet
Development

No branches or pull requests

3 participants