Opened 2 years ago
Closed 2 years ago
#2266 closed defect (duplicate)
QUIC: cookies not transferred correctly on redirect
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | nginx-core | Version: | |
| Keywords: | quic | Cc: | mkg20001@… |
| uname -a: | Linux nix-test 5.10.52 #1-NixOS SMP Tue Jul 20 14:05:59 UTC 2021 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.21.3
built by gcc 10.3.0 (GCC) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/nix/store/7mphsk4i0dg1k8s76v0pjvidhl646z6j-nginx-quic --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-threads --with-pcre-jit --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --pid-path=/var/log/nginx/nginx.pid --http-client-body-temp-path=/var/cache/nginx/client_body --http-proxy-temp-path=/var/cache/nginx/proxy --http-fastcgi-temp-path=/var/cache/nginx/fastcgi --http-uwsgi-temp-path=/var/cache/nginx/uwsgi --http-scgi-temp-path=/var/cache/nginx/scgi --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_image_filter_module --with-http_geoip_module --with-stream_geoip_module --with-file-aio --with-http_v3_module --with-http_quic_module --with-stream_quic_module --add-module=/nix/store/2ysp5ichpccf4lv1wp2qcwz0bmm840f1-rtmp --add-module=/nix/store/6pb7j6kymf3y4xs5blp3g8mwin2j22kk-dav --add-module=/nix/store/y39g23fn8ikzcd1iy3b1bclqwjk2qmxd-moreheaders |
||
Description
Occurs with Chrome 93.0.4577.82
Cookies are not properly transferred when accessing a site, which redirects to an SSO portal and then redirects back. (SSO being h2-enabled, application being h3-enabled)
The session cookie of the application is shown to be sent by chrome to the application, but the application did not receive it or something else occurred
The problem was resolved by switching to the nginx mainline version, meaning it seems to be a fault in either NGINX's or Chrome's QUIC implementation.
(Application was GitLab, SSO was Keycloak in case someone wants to reproduce)
Attachments (2)
Change History (4)
by , 2 years ago
| Attachment: | signin_redirect.har.gz added |
|---|
by , 2 years ago
| Attachment: | signinff_success.har.gz added |
|---|
HAR of login via firefox 92.0 (it works with firefox)
comment:1 by , 2 years ago
I have the same problem any workaround ? Some Scripts don't work like e.g. Nextcloud / Rainloop
HAR of redirect loop