Login redirects to login! Firefox & php8.1 only

Server info

Nextcloud version: 25.0.1

Operating system and version: Ubuntu 22.04.1 LTS

Apache or nginx version: Apache/2.4.54 (Ubuntu)

PHP version: PHP 8.1.2-1ubuntu2.6 (fpm-fcgi)

Client info
Linux Client

OS: Pop!_OS 22.04 LTS

Browser: Firefox

Browser version: 106.0.3 (64-bit)

Mac Client

OS: Mac OS Big Sur

Browser: Firefox

Browser version: 106.0.5 (64-bit)

Error: Redirect loop on login page on Firefox

Is this the first time you’ve seen this error?

No, I have also seen it on a test server running Openlitespeed.

Steps to replicate it:

  1. Open Firefox

  2. Open Nextcloud login screen

  3. Enter credentials

  4. Receive two 303 redirects and page reloads

Further info:

  • The bug does not occur when using php7.4.
  • The bug does not occur when using Chrome/Chromium.
The 303 redirects from Firefox Developer tools
Login POST
Request

POST /login HTTP/2

Host: --removed–

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Content-Type: application/x-www-form-urlencoded

Content-Length: 197

Origin: null

Connection: keep-alive

Cookie: --removed–

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: same-origin

Sec-Fetch-User: ?1

Response

HTTP/2 303 See Other

expires: Thu, 19 Nov 1981 08:52:00 GMT

pragma: no-cache

cache-control: no-cache, no-store, must-revalidate

x-request-id: --removed–

content-security-policy: default-src ‘none’;base-uri ‘none’;manifest-src ‘self’;frame-ancestors ‘none’

feature-policy: autoplay ‘none’;camera ‘none’;fullscreen ‘none’;geolocation ‘none’;microphone ‘none’;payment ‘none’

x-robots-tag: none

set-cookie: --removed–; path=/; secure; HttpOnly; SameSite=Lax

strict-transport-security: max-age=63072000; includeSubDomains; preload

referrer-policy: no-referrer

x-content-type-options: nosniff

x-frame-options: SAMEORIGIN

x-permitted-cross-domain-policies: none

x-xss-protection: 1; mode=block

location: https://–removed–/apps/files/

content-length: 0

content-type: text/html; charset=UTF-8

date: Tue, 08 Nov 2022 16:36:01 GMT

server: Apache/2.4.54 (Ubuntu)

X-Firefox-Spdy: h2

/apps/files GET
Request

GET /apps/files/ HTTP/2

Host: --removed–

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Cookie: --removed–

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

TE: trailers

Response

HTTP/2 303 See Other

expires: Thu, 19 Nov 1981 08:52:00 GMT

pragma: no-cache

cache-control: no-cache, no-store, must-revalidate

x-request-id: --removed–

content-security-policy: default-src ‘none’;base-uri ‘none’;manifest-src ‘self’;frame-ancestors ‘none’

feature-policy: autoplay ‘none’;camera ‘none’;fullscreen ‘none’;geolocation ‘none’;microphone ‘none’;payment ‘none’

x-robots-tag: none

set-cookie: --removed–; path=/; secure; HttpOnly; SameSite=Lax

strict-transport-security: max-age=63072000; includeSubDomains; preload

referrer-policy: no-referrer

x-content-type-options: nosniff

x-frame-options: SAMEORIGIN

x-permitted-cross-domain-policies: none

x-xss-protection: 1; mode=block

location: /login?redirect_url=/apps/files/

content-length: 0

content-type: text/html; charset=UTF-8

date: Tue, 08 Nov 2022 16:36:01 GMT

server: Apache/2.4.54 (Ubuntu)

X-Firefox-Spdy: h2

config.php

<?php

$CONFIG = array (

'instanceid' => '--removed--',

'passwordsalt' => '--removed--',

'secret' => '--removed--',

'trusted_domains' =>

array (

0 => '--removed--',

1 => '--removed--',

),

'datadirectory' => '/var/www/nextcloud/data',

'dbtype' => 'mysql',

'version' => '25.0.1.1',

'overwrite.cli.url' => 'https://--removed--',

'htaccess.RewriteBase' => '/',

'dbname' => 'nextcloud',

'dbhost' => 'localhost',

'dbport' => '',

'dbtableprefix' => 'oc_',

'mysql.utf8mb4' => true,

'dbuser' => 'nextcloud',

'dbpassword' => '--removed--',

'installed' => true,

'skeletondirectory' => '/var/www/skeleton',

'trashbin_retention_obligation' => '1, 2',

'ldapUserCleanupInterval' => '30',

'log_type' => 'syslog',

'logfile' => '',

'loglevel' => 1,

'syslog_tag' => 'Nextcloud',

'enable_previews' => false,

'log.condition' =>

array (

'apps' =>

array (

0 => 'admin_audit',

),

),

'default_phone_region' => '--removed--',

'memcache.local' => '\\OC\\Memcache\\APCu',

'filelocking.enabled' => 'true',

'memcache.locking' => '\\OC\\Memcache\\Redis',

'redis' =>

array (

'host' => '/var/run/redis/redis-server.sock',

'port' => 0,

'dbindex' => 0,

'password' => '--removed--',

'timeout' => 1.5,

),

'maintenance' => false,

'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',

);

Apache /var/log/apache2/other_vhosts_access.log

[08/Nov/2022:11:56:43 -0500] "POST /login HTTP/2.0" 303 839 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"

[08/Nov/2022:11:56:43 -0500] "GET /apps/files/ HTTP/2.0" 303 830 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"

[08/Nov/2022:11:56:43 -0500] "GET /login?redirect_url=/apps/files/ HTTP/2.0" 200 5978 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"

[08/Nov/2022:11:56:43 -0500] "GET /apps/theming/image/background?v=12 HTTP/2.0" 404 14256 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"

No errors in nextcloud.log.

1 Like

I’m sorry don’t have any hint.
just for reference I don’t see any issue with Docker Apache image 25.0.1 which is using PHP 8.1.12 and FF 106.0.5 on Windows 10.

Thanks, @wwe. I checked on Windows and did not have the problem.
However, now, on my test server, I am completely unable to log in, no matter the browser or php version. This is becoming quite a crippling problem - does anyone have any ideas?

1 Like

Hello, I just recently switched from using Chrome to Firefox since then I’m experiencing the same error/bug.

However other users which use my Nextcloud instance in combination with firefox dont have that behaviour.

For me it sometimes works to clear all cache and cookies for my Nextcloud domain but not always.

Server:
Nextcloud 24.0.6
Ubuntu 22.01.04 LTS
Apache 2.4.52
PHP 8.1.12

Client:
Firefox 107.0
Win10

But I didn’t test php7 like @Doozy.

1 Like