macOS' and iOS' Safari images stop loading and users are logged out #24176
Comments
I haven't fully understand your problem. Do you mean that: if a user visits an image URL, then the user gets signed-out?
I do not think it is related.
Which page? I just tried, I can login try.gitea.io. |
|
I can visit it with no problem. macOS both firefox and safari. |
saegl5
changed the title
@wxiaoguang and @lunny try.gitea.io works for me now, thanks |
What's the session related config in your Since you can't reproduce the problem on try.gitea.io, I suspect that this problem is related to your server-side session storage. If you have no idea about how to continue debugging, a clear & minimal reproducible sample should help, eg: you could try to setup a small and clear instance, to try whether it has the same problem. If yes, report the details here then maintainers could help to reproduce and debug. If the new instance doesn't have the problem, then try to find what's the difference between it and your production instance, by fine-tuning the config options step by step. |
wxiaoguang
added
issue/needs-feedback
|
app.ini: |
|
No idea from my side (it doesn't look like a Gitea's problem at the moment) Could you try to setup a clear & minimal instance to see whether the problem would occur? |
|
@wxiaoguang thank you for your input and for following up I feel odd—a bit embarrassed too—to find that the issue went way after checking "Remember This Device" before logging in although checking that option seems logical to work, since I never had to check that option until recently, then checking that options seems to be a sort of workaround tonight, I'll try to setup a small and clear instance, as you suggested |
|
@wxiaoguang okay, small and clear instance:
Issue occurs here too.
anyways, for now I am reminding myself to check "Remember This Device" before logging in |
|
OK, I know the problem now. It's related to Safari & Gitea's session management.
|
|
OK, I 99% understand the problem now. It's highly likely a Safari bug. At the beginning, Safari sends Cookie with Avatar requests. But after a few minutes, Safari only sends Cookie with page request, but doesn't send Cookies with Avatar request. Then , the avatar request can't see a session cookie, then the handler (middleware) allocates a new session ID, then this cookie is applied to the whole site, then you are in a non-signed-in session. At the beginning, Safari sends cookies.
After a while, the avatar request doesn't have cookies.
|
|
According to my test, disabling this option could fix Safari's buggy behavior (actually, Google result shows that a lot of users are affected by similar buggy behavior) Screenshot:
|
wxiaoguang
added
type/bug
and removed
issue/needs-feedback
|
@wxiaoguang wow! great work! kindly note, however, that—as also noted above—disabling preventing cross-site tracking didn't work for me
this all seems to be making sense to me now |
Fix #24176 Clean some misuses of route package, clean some legacy FIXMEs --------- Co-authored-by: Giteabot <teabot@gitea.io>
Partically backport go-gitea#24330 Related: go-gitea#24176 Maybe fix go-gitea#24770 (cherry picked from commit 64cc691)
Description
Ever since Gitea Version 1.19.0, I have frequently encountered an issue with images: They stop loading, and then users are immediately logged/"kicked" out. Error code 404: "The page you are trying to reach either does not exist or you are not authorized to view it."
Clearing web browser history temporarily fixes the issue, for perhaps one minute.
This issue only occurs in Safari (desktop and mobile), neither Chrome, nor Firefox, nor DuckDuckGo.
Also, this issue only occurs in my Gitea instance, no other websites.Other observations: The file type doesn't matter (e.g., JPEG and GIF). I also attempted disabling the development menu, using a different MacBook, using safe mode, emptying Safari's caches, using the private window, using a different account (e.g., admin and dummy user), disabling Private Relay, disabling plug-ins, disabling privacy features (e.g., preventing cross-site tracking), changing the DNS to CloudFlare's, restarting my internet router, trying Safari Technology Preview, removing content blockers, and disabling iCloud's Safari sync.
I tried to reproduce the bug on the Gitea demo site, but the site won't allow me to even log in. Error code 500.(Can log in, now.)Might the way in which Gitea interacts with Safari, in regards to cookie behavior, have changed? Perhaps?
Debug log:
Gitea Version
1.19.1
Can you reproduce the bug on the Gitea demo site?
No
Screenshots
Example of image not loading:
Git Version
2.40.0
Operating System
Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1031-gcp x86_64)
How are you running Gitea?
I run Gitea in a Google Cloud instance, and the Gitea package is installed using instructions from https://gitlab.com/packaging/gitea/
Database
SQLite
The text was updated successfully, but these errors were encountered: