Project

General

Profile

Bug #5391

/special/srvid2 URL access causes endless authentication loop

Added by Pim Zandbergen about 3 years ago. Updated about 3 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Start date:
2018-12-03
Due date:
% Done:

100%

Estimated time:
Found in version:
4.3-1617~g80ea669a5
Affected Versions:

Description

accessing http://my.tvh.server:9981/special/srvid2 causes endless authentication loop

I can't see anything relevant in the logfile. I'm open for tracing suggestions.

Associated revisions

Revision da5dc104 (diff)
Added by Jaroslav Kysela about 3 years ago

http: forbidden status / access_verify2() cleanups, fixes #5391

Return also forbidden status when the client is authenticated, but there
are not permissions for the requested operation.

History

#1

Updated by Pablo R. about 3 years ago

Thats truth, I have not managed to get any file for more than I enter the password.

#2

Updated by Jaroslav Kysela about 3 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100
#3

Updated by Jaroslav Kysela about 3 years ago

Only admin can fetch this contents.

#4

Updated by Pablo R. about 3 years ago

I do not know if it's a problem with my browsers, but now after a forbidden (403) I cannot log in again on tvheadend w/o cleaning cache.

No matter if using :9981/login or :9981/extjs.html

#5

Updated by Pablo R. about 3 years ago

Basically, 403 permanent regardless of the URL

#6

Updated by Jaroslav Kysela about 3 years ago

I tested firefox and chrome and it works. Which browser do you use?

#7

Updated by Pim Zandbergen about 3 years ago

I'm seeing no more loops, but 403 Forbidden in all of Chrome, Firefox and Edge on Windows.
I am using an account with the admin checkbox marked.

#8

Updated by Pablo R. about 3 years ago

Jaroslav Kysela wrote:

I tested firefox and chrome and it works. Which browser do you use?

Did you try an incorrect login to get 403. And then try to log in again?

(Important: Do not use autocomplete in broswer)

#9

Updated by Ricardo Rocha about 3 years ago

403 Forbidden

also!

#10

Updated by Pim Zandbergen about 3 years ago

Should I create a new issue, since technically speaking, this one is fixed?

#11

Updated by Pablo R. about 3 years ago

Pim Zandbergen wrote:

Should I create a new issue, since technically speaking, this one is fixed?

Go on!

#12

Updated by da h4xX0rz1sT about 3 years ago

Same here, reported as #5416

HTH,
/HXZ

Also available in: Atom PDF