Comments (7)
@prologic clean your cookies and try again. I think installation help is better on IRC: https://github.com/pump-io/pump.io/wiki/Community#communication-channels
from pump.io.
Okay I'll try... Are you on FreeNode?
Also are we able to return better errors to the UI? I had to pull out the Chrome Debugger to see the "Invalid Signature" in the response.
from pump.io.
@prologic the current version in master has that fix, and yes in freenode #pump.io
from pump.io.
Nope. Clearing cookies, incognito, a different browser I never use. Same error: "400: error"
from pump.io.
The error was the HTTPS validation that requires a key values even if 443 port is set up
from pump.io.
To be more precise; this was some assumptions being made in the code that led to an incorrect value for oauth_protocol of http when the request URIs are all https from the client.
This hacked up diff worked around that:
diff --git a/lib/app.js b/lib/app.js
index 8cbea1ea..5e766944 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -396,7 +396,7 @@ var makeApp = function(configBase, callback) {
contentSecurityPolicy: {
directives: {
"default-src": ["'self'"],
- "connect-src": ["'self'", (useHTTPS ? "wss://" : "ws://") + URLMaker.makeHost()],
+ "connect-src": ["'self'", ("wss://") + URLMaker.makeHost()],
"script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"].concat(config.noCDN ? [] : ["cdnjs.cloudflare.com"]),
"style-src": ["'self'", "'unsafe-inline'"].concat(config.noCDN ? [] : ["cdnjs.cloudflare.com", "maxcdn.bootstrapcdn.com"]),
"font-src": ["'self'"].concat(config.noCDN ? [] : ["cdnjs.cloudflare.com"]),
@@ -471,7 +471,7 @@ var makeApp = function(configBase, callback) {
app.use(auth([auth.Oauth({name: "client",
realm: "OAuth",
oauth_provider: app.provider,
- oauth_protocol: (useHTTPS) ? "https" : "http",
+ oauth_protocol: (true) ? "https" : "http",
authenticate_provider: null,
authorize_provider: null,
authorization_finished_provider: null
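Review bot: the oauth_protocol line of the "client" handler is now a constant ternary, (true) ? "https" : "http", whose "http" branch can never run, and it forces https on every deployment rather than only those behind a TLS-terminating proxy. Keep the conditional and feed it a value read from configuration that states the public-facing protocol, falling back to useHTTPS when that value is unset.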
@@ -479,7 +479,7 @@ var makeApp = function(configBase, callback) {
auth.Oauth({name: "user",
realm: "OAuth",
oauth_provider: app.provider,
- oauth_protocol: (useHTTPS) ? "https" : "http",
+ oauth_protocol: (true) ? "https" : "http",
authenticate_provider: oauth.authenticate,
authorize_provider: oauth.authorize,
authorization_finished_provider: oauth.authorizationFinished
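Review bot: the oauth_protocol line of the "user" handler repeats the expression already used for the "client" handler, so the two can drift apart if only one is edited later. Compute the protocol once in a variable before the app.use(auth([...])) call and pass that variable to both handlers.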
from pump.io.
This needs either smarter validation or a configuration option.
Terminating TLS on both ends (Load Balancer and Application) is excessive when your internal network is already secure.
from pump.io.
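Added example (not part of the thread and not pump.io code): why a server-side scheme of http breaks OAuth 1.0a signatures when the client called an https URL, and how a protocol setting resolves it. It assumes HMAC-SHA1 signing, that oauth_protocol is the scheme the server uses to rebuild the signature base string, and a hypothetical publicProtocol option; the host, keys and secrets are constructed.

```javascript
// Added example, not pump.io code. All hosts, keys and secrets are constructed.
const crypto = require("crypto");

// Percent-encoding per RFC 5849 section 3.6 (stricter than encodeURIComponent).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// Signature base string: METHOD & base URI (scheme included) & sorted params.
// Assumes default ports, so the host carries no ":port" suffix.
function baseString(method, protocol, host, path, params) {
    const pairs = Object.entries(params).map(([k, v]) => [enc(k), enc(v)]);
    pairs.sort((a, b) => (a[0] === b[0] ? (a[1] < b[1] ? -1 : 1) : (a[0] < b[0] ? -1 : 1)));
    const uri = protocol.toLowerCase() + "://" + host.toLowerCase() + path;
    const query = pairs.map((p) => p.join("=")).join("&");
    return [method.toUpperCase(), enc(uri), enc(query)].join("&");
}

function sign(base, consumerSecret, tokenSecret) {
    const key = enc(consumerSecret) + "&" + enc(tokenSecret);
    return crypto.createHmac("sha1", key).update(base).digest("base64");
}

// Hypothetical option: publicProtocol states the scheme clients actually use.
// useHTTPS stands in for the flag in the diff; assumed to be true only when
// the app itself holds a TLS key.
function effectiveProtocol(config) {
    return config.publicProtocol || (config.useHTTPS ? "https" : "http");
}

// Server side: rebuild the base string with the configured protocol and compare.
function verify(req, config, secrets) {
    const base = baseString(req.method, effectiveProtocol(config), req.host, req.path, req.params);
    const expected = Buffer.from(sign(base, secrets.consumer, secrets.token));
    const given = Buffer.from(req.signature);
    return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Constructed request: the client signs the https:// URL it actually called.
const secrets = { consumer: "consumer-secret-example", token: "token-secret-example" };
const req = { method: "POST", host: "pump.example", path: "/api/user/alice/feed",
    params: { oauth_consumer_key: "ck-example", oauth_nonce: "n0nce",
        oauth_signature_method: "HMAC-SHA1", oauth_timestamp: "1500000000",
        oauth_token: "tk-example", oauth_version: "1.0" } };
req.signature = sign(baseString(req.method, "https", req.host, req.path, req.params),
    secrets.consumer, secrets.token);

// TLS ends at the load balancer, so the app holds no key and useHTTPS is false.
console.log("no override:", verify(req, { useHTTPS: false }, secrets));
console.log("publicProtocol=https:", verify(req, { useHTTPS: false, publicProtocol: "https" }, secrets));
```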