Passphrase protected push is not working with Cloudflare Tunnel #2350

Open
9 tasks
MiranoVerhoef opened this issue Jul 18, 2024 · 17 comments
Comments

@MiranoVerhoef

🐛 Bug Report

When deploying the docker and using its internal IP the passphrase protection is working (Filling in a password before showing the actual password). When connecting to it through Cloudflare Tunnel it doesn't work. It just looks like it does nothing. No notification is shown either. So it looks like it's not processing it.

What would be the right settings for the cloudflare tunnel?

🔬 How To Reproduce

Steps to reproduce the behavior:

  1. Deploy docker with preferences setup
  2. Setup cloudflare tunnel
  3. Connect through external IP

Code sample

Environment

Where are you running/using Password Pusher?

  • pwpush.com
  • [x] Docker Image
    • [x] pwpush
    • custom image
  • Heroku
  • Digital Ocean
  • Microsoft Azure
  • Google Cloud
  • AWS
  • Source Code
  • Other (please specify)

If applicable, what version of Password Pusher? v1.41.15

Screenshots

📈 Expected behavior

It should accept the password and go through to the page where it shows the actual password.

📎 Additional context


Hello @MiranoVerhoef, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

@pglombardo
Owner

Hi @MiranoVerhoef - are there any errors in the browser console?

@MiranoVerhoef
Author

I haven't noticed any errors, (Log level was on warn).

I could rebuild the test environment if you want me to supply more information.

> Hi @MiranoVerhoef - are there any errors in the browser console?

@pglombardo
Owner

A long shot guess might be blocked cross site scripting requests because of the variation in HTTP host headers.

This error would show up in the browser javascript console as an error though - not in the Docker container logs.

> I could rebuild the test environment if you want me to supply more information.

To diagnose we (either you or I) might have to. I'm a bit tied up today but I'll see if I can figure out how to set up a Cloudflare tunnel (never done it) later today/this week.

@MiranoVerhoef
Author

Let me spin up a docker, and show you the results!

@MiranoVerhoef
Author

MiranoVerhoef commented Jul 18, 2024

Uncaught (in promise) Error: Could not establish connection. Receiving end does not exist. fc moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/javascript/BG.js:2 [BG.js:2:2083026](moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/javascript/BG.js) sendRemoveListener on closed conduit [email protected] 3 [ConduitsChild.sys.mjs:122:13](resource://gre/modules/ConduitsChild.sys.mjs) _send resource://gre/modules/ConduitsChild.sys.mjs:122 removeListener resource://gre/modules/ExtensionChild.sys.mjs:673 removeListener resource://gre/modules/ExtensionChild.sys.mjs:929 register chrome://extensions/content/child/ext-storage.js:163 removeListener resource://gre/modules/ExtensionCommon.sys.mjs:2957 revoke resource://gre/modules/ExtensionCommon.sys.mjs:2979 close resource://gre/modules/ExtensionCommon.sys.mjs:2984 unload resource://gre/modules/ExtensionCommon.sys.mjs:1019 close resource://gre/modules/ExtensionContent.sys.mjs:1067 destroyed resource://gre/modules/ExtensionContent.sys.mjs:1140 observe resource://gre/modules/ExtensionContent.sys.mjs:1163 Promise rejected after context unloaded: Actor 'Conduits' destroyed before query 'RuntimeMessage' was resolved 3 [6.js:2](moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/javascript/6.js) sendMessage moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/javascript/6.js:2 Promise rejected after context unloaded: Actor 'Conduits' destroyed before query 'RuntimeMessage' was resolved [sso.js:2](moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/content_scripts/sso.js) sendMessage moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/content_scripts/sso.js:2 Promise rejected after context unloaded: Actor 'Conduits' destroyed before query 'RuntimeMessage' was resolved 9 [6.js:2](moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/javascript/6.js) sendMessage moz-extension://be300fa5-05ad-4df5-aa5f-9cb3e0742fe3/javascript/6.js:2 [Exception... 
"Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIDOMWindowUtils.addSheet]" nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.sys.mjs :: runSafeSyncWithoutClone :: line 61" data: no] 5 [ExtensionCommon.sys.mjs:61:12](resource://gre/modules/ExtensionCommon.sys.mjs) runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.sys.mjs:61 cssPromise resource://gre/modules/ExtensionContent.sys.mjs:585 Welcome to Password Pusher! ( ◑‿◑)ɔ┏🍟--🍔┑٩(^◡^ ) [application-d87c2becacd3dfbaac7976628d5edee5da6640343ba84be52b2c00dd23eca734.js:24:124694](https://*****/assets/application-d87c2becacd3dfbaac7976628d5edee5da6640343ba84be52b2c00dd23eca734.js) --> 🏝 May all your pushes be stored securely, read once and expired quickly.

@MiranoVerhoef
Author

[image]

Photo for reference

@pglombardo
Owner

That was a quick turn around! Those exceptions are from the Chrome MozBar extension. Could you try in an incognito window with no extensions?

@MiranoVerhoef
Author

[image]
[image]

When doing it in incognito I get no result at all, which is strange

@pglombardo
Owner

That is weird. Nothing easy unfortunately... You can do a network trace in the "Network" tab, reload the page and submit the passphrase.

You should see the page load and form submission in the network trace. Could you try that?

@MiranoVerhoef
Author

I have a .HAR file, would you like this?

[image]

@pglombardo
Owner

Hrm no errors? Apologies, I'm tied up with the day job. I'll loop back soon.

If you want you can email the .HAR file to me at pglombardo @ pwpush.com domain.

Better if you send it to me using pwpush.com in a new push. :-)

@MiranoVerhoef
Author

Sent!

Of course, in a push ;)

@pglombardo
Owner

That helped - thanks. When posting a passphrase, the server responds with a Set Cookie and then redirects to the direct push URL. When serving the direct push URL, the server checks for the cookie.

It seems the cookie isn't being set. Not sure why yet though. Is there any setting in Cloudflare in respect to cookies?
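
A way to run the check described in the comment above against an exported .HAR file, as an added example that is not part of the original thread or of the Password Pusher code base: it finds each POST answered with a redirect and reports whether a cookie was set and whether the browser sent it back on the redirect target. The host, paths and cookie name in the sample are constructed placeholders, and the helper names are this example's own.

```python
from urllib.parse import urljoin, urlsplit

def hdr(headers, name):
    return [h["value"] for h in headers if h["name"].lower() == name.lower()]

def parse_set_cookie(value):
    """Return (cookie name, lower-cased attribute dict) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return first.partition("=")[0], attrs

def sent_names(request):
    """Names of the cookies the browser attached to a request."""
    return {c.partition("=")[0].strip()
            for v in hdr(request["headers"], "Cookie") for c in v.split(";")}

def audit_cookie_handoff(har):
    """For every POST answered with a 3xx: was a cookie set, and did it come back?"""
    entries, findings = har["log"]["entries"], []
    for i, e in enumerate(entries):
        req, resp = e["request"], e["response"]
        if req["method"] != "POST" or not 300 <= resp["status"] < 400:
            continue
        cookies = [parse_set_cookie(v) for v in hdr(resp["headers"], "Set-Cookie")]
        if not cookies:
            findings.append("no Set-Cookie on redirect from " + req["url"])
        target = urljoin(req["url"], (hdr(resp["headers"], "Location") or [""])[0])
        follow = next((n["request"] for n in entries[i + 1:]
                       if n["request"]["url"] == target), None)
        for name, attrs in cookies:
            if "secure" in attrs and urlsplit(target).scheme == "http":
                findings.append(name + ": Secure cookie but redirect target is plain http")
            if follow is not None and name not in sent_names(follow):
                findings.append(name + ": set by server, not sent on " + target)
    return findings

def entry(method, url, status, req_headers=(), resp_headers=()):
    pairs = lambda hs: [{"name": n, "value": v} for n, v in hs]
    return {"request": {"method": method, "url": url, "headers": pairs(req_headers)},
            "response": {"status": status, "headers": pairs(resp_headers)}}

# Constructed sample: host, paths and cookie name are placeholders, not Password Pusher's own.
BASE = "http://push.example.test/p/demo"
SAMPLE_HAR = {"log": {"entries": [
    entry("POST", BASE + "/passphrase", 302, resp_headers=[
        ("Location", "/p/demo"), ("Set-Cookie", "demo_pass=abc; Path=/; Secure; HttpOnly")]),
    entry("GET", BASE, 200)]}}
if __name__ == "__main__":
    print("\n".join(audit_cookie_handoff(SAMPLE_HAR)))
```

An empty result means every cookie set on a redirect was returned on the next request; a "no Set-Cookie" finding on a capture taken through the proxy, but not on one taken against the internal IP, points at the hop in between.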

@MiranoVerhoef
Author

Just checking Cloudflare:

[image]
[image]
[image]

Doesn't seem to be anything related whilst using HTTP at least

@pglombardo
Owner

pglombardo commented Jul 18, 2024

Slight long shot but try this:

  1. Set the Cloudflare Host Header to the public domain/url you are using (e.g. x.domain.nl)
  2. In Password Pusher set PWP__ALLOWED_HOSTS="x.domain.nl"

I suspect it might be a mismatch that is blocking the cookie.

@MiranoVerhoef
Author

Hello,

I will go ahead and try this at the end of the week (We don't use database variant for security reasons) that's why I cannot change a parameter. Unless it works without rebooting? (using Config file)
