Log In failed on subdomain: Oops! Something went wrong.

Jarum

Hello!
I installed Flarum on my Uberspace following the instruction (https://lab.uberspace.de/guide_flarum/) except that I used a subdomain meaning "ln -s flarum/public flarum.mydomain.tld" instead of "ln -s flarum/public html".

As it doesn't worked as expected - couldn't tell any more - I tried the suggested way and inked it to html and after changing the URL in the config.php everything works fine. I can use Flarum without problems.

But I like to use it on the subdomain so I set the link again, changed the config URL (taking care of httpS), cleared the cache. First it appears to be okay, but any attempt to log in failed with the message "Oops! Something went wrong. Please reload the page and try again."

I can't find any hint in the Flarum logs or my webserver's. The Firefox Developer Tool shows already a 500 Internal Server Error for GET the favicon.ico.

Also POST /login leads to the 500 error. Mentioning Referrer Policy strict-origin-when-cross-origin.

I am not into this deep enough to understand. Has it something to do with rules in .htaccess? What can I do?

I would appreciate any advice and help.

clarkwinkelmann

Jarum if you have cross-origin errors, the URL in config.php and the actual URL used must be different.

First try clearing the cache php flarum cache:clear as it might help.

Using the browser developer tools, you should be able to see which domain/prefix is used to perform the requests to the /login or /api endpoints and compare it with the URL in the browser address bar.

I have never heard of people using symlinks to connect the Flarum folder to the server root, I'm not sure it's a very good idea as it could mess up the relative paths used by PHP when creating/reading temporary or assets files. But it shouldn't lead to cross-origin issues by itself. But if the symlinks are messed up maybe you are not actually loading the config file you intended to.

Jarum

Hello Clark,

and thanks for spending some of your time.

Okay, let's see. I tested my Flarum installation all day and it works. Two users started discussions and replied to each others. Everything looks fine.
On my server there is the path /var/www/virtual/<myusername> and inside normally the html directory that is accessible by mydomain.tld.

I installed Flarum with composer to /var/www/virtual/<myusername>/flarum, deleted the html directory, created the link from html to flarum/public and it's fine.

Then I created another link in /var/www/virtual/<myusername>/ named flarum.mydomain.tld and also towards flarum/public. I changed the URL in the config.php, cleared the cache with the given command in the flarum dir and opened flarum.mydomain.tld with FF and everything looks fine, no errors or messages.

Then I try to log in, type in my credentials - doesn't matter which user or if the pw is correct or wrong - and I get the message noted above.
The URL in the address bar is the same as the one announced for the error 500.

I tried now to follow the Installation documentation (https://docs.flarum.org/install#customizing-paths) but the situation is the same - after cache clearing. Error 500 while trying to login and for the favicon.ico

I don't know if this matters, but additionally I see warning that the Ressource under "https://flarum.mydomain.tld/assets/fonts/fa-solid-900.woff2" was preloaded ("link-preload"), but not used in the first seconds. A check is suggested, if all preload attributes are set correctly.

clarkwinkelmann

Jarum do you still see any error about cross-origin requests?

If it really is a 500 HTTP response, you should be able to find logs in Flarum log file or PHP error log https://docs.flarum.org/troubleshoot

The woff font error is nothing to worry about. It's a bit strange but likely unrelated to any 500 error. It likely just means Flarum loads slowly or you don't have any icon displayed on that particular page. If there are cross-origin problems one sign would be that icons don't load, which could also lead to that browser warning about the fonts.

Jarum

Yes, same error.

I followed the troubleshoot guide and double checked everything again. the debug mode only provides the DEBUG link under the message that shows also the 500 Internal Server Error. No hints on php flarum info

The developer tool still shows: XHR POST https://flarum.mydomain.tld/login - [HTTP/2 500 Internal Server Error 42ms]
Referrer Policy strict-origin-when-cross-origin

But I discovered totally on the bottom one more error message:
Error: Promised response from onMessage listener went out of scope - ExtensionMessagingService.js:89:34

Does this helps any further?

luceos

Jarum can you please share the url. That makes it so much easier to look for the issue.

Jarum

luceos

I understand this request, but I like to keep it very private and unknown. And if that means that I can't use the subdomain, I can also deal with using flarum on the main domain. At least I have one way I can use this nice software.

I am thankful for the work and offered help.

luceos

Jarum well I can imagine the cause of the Referer Policy being that the config.php is configured to have a different url than the one you are trying to access the community with. But if the 500 internal server error is caused by something else, which is very likely, one can see what layer is exactly returning the error by inspecting the response headers of the request; if it lists PHP, the error is caused by Flarum, if it shows nginx/apache or your webserver software, it is caused in that layer...

Jarum

Hello and thanks again.

I am pretty sure that it is not the URL in the config.php because I changed it several times now. If it is set to
'url' => 'https://mydomain.tld', and I clear the cache and open https://mydomain.tld, it works
if it is set to 'url' => 'https://flarum.mydomain.tld', and I clear the cache and open https://flarum.mydomain.tld, I'll get error 500, first for GET https://flarum.mydomain.tld/favicon.ico (a file I couldn't find on the server anyway)

The response header info is:
GET
scheme https
host flarum.mydomain.tld
filename /favicon.ico
Adresse 185.26.156.43:443
Status 500 Internal Server Error
Version HTTP/2
Übertragen 1,44 kB (1,26 kB Größe)
Referrer Policy strict-origin-when-cross-origin

content-length 1260
content-type text/html
date Sun, 13 Aug 2023 22:26:39 GMT
etag "6116572d-4ec"
server nginx
X-Firefox-Spdy h2

Accept image/avif,image/webp,/
Accept-Encoding gzip, deflate, br
Accept-Language de,en-US;q=0.7,en;q=0.3
Connection keep-alive
Cookie PHPSESSID= [...]; flarum_session=[...]
Host flarum.mydomain.tld
Referer https://flarum.mydomain.tld/
Sec-Fetch-Dest image
Sec-Fetch-Mode no-cors
Sec-Fetch-Site same-origin
TE trailers
User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
?

When I try to log in appears in the response header
XHR POST https://flarum.mydomain.tld/login [HTTP/2 500 Internal Server Error 238ms]

POST https://flarum.mydomain.tld//login
Status 500 Internal Server Error
Version HTTP/2
Übertragen 1,44 kB (1,26 kB Größe)
Referrer Policy strict-origin-when-cross-origin
Anfrage-Priorität Highest

content-length 1260
content-type text/html
date Sun, 13 Aug 2023 22:40:28 GMT
etag "6116572d-4ec"
server nginx
X-Firefox-Spdy h2

Accept /
Accept-Encoding gzip, deflate, br
Accept-Language de,en-US;q=0.7,en;q=0.3
Connection keep-alive
Content-Length 83
Content-Type application/json; charset=utf-8
Cookie PHPSESSID=[...]; flarum_session=[...]
Host flarum.mydomain.tld
Origin https://flarum.mydomain.tld/
Referer https://flarum.mydomain.tld/
Sec-Fetch-Dest empty
Sec-Fetch-Mode cors
Sec-Fetch-Site same-origin
User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
X-CSRF-Token [...]

As I can't see any hint for PHP I guess it isn't an flarum error or configuration issue, right?

clarkwinkelmann

Jarum all those seem to be completely separate issues, but here are some more hints:

favicon.ico is not a file that Flarum uses. Instead, it's a file most browsers try to automatically find on the server when the page has not defined a favicon. If you set a favicon in Flarum admin panel, the browser should try to load that image instead and skip favicon.ico

The presence of the Origin and Sec-Fetch- headers in the request is suspicious. I don't think Firefox would add those headers if the request wasn't cross-origin. Are you really sure the origin of the page you open in the browser and the one in the API request are the same?

You can inspect and compare window.location.origin and (new URL(app.forum.attribute('apiUrl'))).origin using the browser javascript console. If they differ, your config.php is misconfigured.

The 500 error must be logged somewhere. If it happens even for the favicon, then it's probably at the webserver level. Check for any webserver or system log. Maybe it's in a proxy somewhere.

Try using Chrome or another browser to maybe see the error formatted in a different way.

Jarum

I didn't succeed in inspecting and comparing what you suggested. (I know you could help by knowing the real URL)
The config.php seems really fine. I even replaced it with the original and changed only the URL several times and it works with the domain but not with the subdomain.

There are no hints in the webserver access logs or the error_log_php, but the error_log_apache show something:
AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

From what I found out, the cause lays in the .htaccess inside the public dir, right?
I haven't changed anything there. I don't understand enough to know where to edit.

I am not even able to change the loglevel because I can't find out how.

luceos

Jarum it is very likely a webserver level issue..

tipako

@Jarum I just had a very similar, if not the same problem (also using Flarum on an Uberspace server). What fixed it for me eventually is adding this to the .htaccess file in the public folder:

RewriteBase /