Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup issue 419 Error #207

Open
tortho opened this issue Feb 23, 2023 · 4 comments
Open

Setup issue 419 Error #207

tortho opened this issue Feb 23, 2023 · 4 comments

Comments

@tortho
Copy link

tortho commented Feb 23, 2023

Problem/Motivation

Unable to find the correct config to both be able to show the HA Dasboard card on a computer and edit pages on another instance with same config file.

Case 1 with config file:

certfile: fullchain.pem
envvars:
  - name: SESSION_COOKIE_NAME
    value: bookstack_session
keyfile: privkey.pem
ssl: false

Will give "419 Page Expired" on the computer displaying the HA webpage card. (When loging in)
On HA all is workign well, can edit and save pages.

Case 2 with config file:

certfile: fullchain.pem
envvars:
  - name: SESSION_COOKIE_NAME
    value: bookstack_session
  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.212.46:8123
keyfile: privkey.pem
ssl: false

HA webpage card will work on the computer displying my dashboard and possible to browse the books.
On HA it will allow logging in, navigating editing page etc, but when pressing save button on a page it will give
"419 Page expired"

Steps to reproduce

Use configs as above
@ssddanbrown
Copy link

On HA it will allow logging in, navigating editing page etc, but when pressing save button on a page it will give
"419 Page expired"

That's a little strange to me, logging in should pretty much be the same kind of requests as saving a page.
Note that setting ALLOWED_IFRAME_HOSTS does play with cookies, but cookies can be sticky causing strange scenarios.

I'd give things a test on a completely fresh browser (Or maybe private/incognito window) that's never accessed your instance before setting that option, just to test how it's working from fresh cookies being set.

@tortho
Copy link
Author

tortho commented Feb 26, 2023

Tried with another browser and also in incognito mode.
As long as these lines are in the config

I get a 419 page expired, now also when trying to log in.
Removing them then I can log in and edit the pages but not access on my kitchen screen, then when putting them back again I can view but not edit on the other instance..

@coziman-vt coziman-vt mentioned this issue Jul 8, 2023
Closed
@kozfelipe
Copy link

this works for me

envvars:
  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.0.19:8123
  - name: SESSION_SECURE_COOKIE
    value: "true"
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem

@j0kibalb0a
Copy link

I have the same issue as described by @tortho .

envvars:

  - name: ALLOWED_IFRAME_HOSTS
    value: http://192.168.0.19:8123
  - name: SESSION_SECURE_COOKIE
    value: "true"
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem

This doesn't work for me. Same issue - always... Any ideas?

419Expired

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ssddanbrown @kozfelipe @j0kibalb0a @tortho