Server info
Nextcloud version: 25.0.1
Operating system and version: Ubuntu 22.04.1 LTS
Apache or nginx version: Apache/2.4.54 (Ubuntu)
PHP version: PHP 8.1.2-1ubuntu2.6 (fpm-fcgi)
Client info
Linux Client
OS: Pop!_OS 22.04 LTS
Browser: Firefox
Browser version: 106.0.3 (64-bit)
Mac Client
OS: Mac OS Big Sur
Browser: Firefox
Browser version: 106.0.5 (64-bit)
Error: Redirect loop on login page on Firefox
Is this the first time you’ve seen this error?
No, I have also seen it on a test server running Openlitespeed.
Steps to replicate it:
-
Open Firefox
-
Open Nextcloud login screen
-
Enter credentials
-
Receive two 303 redirects and page reloads
Further info:
- The bug does not occur when using php7.4.
- The bug does not occur when using Chrome/Chromium.
The 303 redirects from Firefox Developer tools
Login POST
Request
POST /login HTTP/2
Host: --removed–
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 197
Origin: null
Connection: keep-alive
Cookie: --removed–
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Response
HTTP/2 303 See Other
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
x-request-id: --removed–
content-security-policy: default-src ‘none’;base-uri ‘none’;manifest-src ‘self’;frame-ancestors ‘none’
feature-policy: autoplay ‘none’;camera ‘none’;fullscreen ‘none’;geolocation ‘none’;microphone ‘none’;payment ‘none’
x-robots-tag: none
set-cookie: --removed–; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
location: https://–removed–/apps/files/
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 08 Nov 2022 16:36:01 GMT
server: Apache/2.4.54 (Ubuntu)
X-Firefox-Spdy: h2
/apps/files GET
Request
GET /apps/files/ HTTP/2
Host: --removed–
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: --removed–
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
Response
HTTP/2 303 See Other
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
x-request-id: --removed–
content-security-policy: default-src ‘none’;base-uri ‘none’;manifest-src ‘self’;frame-ancestors ‘none’
feature-policy: autoplay ‘none’;camera ‘none’;fullscreen ‘none’;geolocation ‘none’;microphone ‘none’;payment ‘none’
x-robots-tag: none
set-cookie: --removed–; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
location: /login?redirect_url=/apps/files/
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 08 Nov 2022 16:36:01 GMT
server: Apache/2.4.54 (Ubuntu)
X-Firefox-Spdy: h2
config.php
<?php
$CONFIG = array (
'instanceid' => '--removed--',
'passwordsalt' => '--removed--',
'secret' => '--removed--',
'trusted_domains' =>
array (
0 => '--removed--',
1 => '--removed--',
),
'datadirectory' => '/var/www/nextcloud/data',
'dbtype' => 'mysql',
'version' => '25.0.1.1',
'overwrite.cli.url' => 'https://--removed--',
'htaccess.RewriteBase' => '/',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => '--removed--',
'installed' => true,
'skeletondirectory' => '/var/www/skeleton',
'trashbin_retention_obligation' => '1, 2',
'ldapUserCleanupInterval' => '30',
'log_type' => 'syslog',
'logfile' => '',
'loglevel' => 1,
'syslog_tag' => 'Nextcloud',
'enable_previews' => false,
'log.condition' =>
array (
'apps' =>
array (
0 => 'admin_audit',
),
),
'default_phone_region' => '--removed--',
'memcache.local' => '\\OC\\Memcache\\APCu',
'filelocking.enabled' => 'true',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'dbindex' => 0,
'password' => '--removed--',
'timeout' => 1.5,
),
'maintenance' => false,
'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);
Apache /var/log/apache2/other_vhosts_access.log
[08/Nov/2022:11:56:43 -0500] "POST /login HTTP/2.0" 303 839 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
[08/Nov/2022:11:56:43 -0500] "GET /apps/files/ HTTP/2.0" 303 830 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
[08/Nov/2022:11:56:43 -0500] "GET /login?redirect_url=/apps/files/ HTTP/2.0" 200 5978 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
[08/Nov/2022:11:56:43 -0500] "GET /apps/theming/image/background?v=12 HTTP/2.0" 404 14256 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
No errors in nextcloud.log.