More verbose error message when login nonce check fails #16607

Closed
Findus23 opened this issue Oct 24, 2020 · 1 comment · Fixed by #18051

Comments

@Findus23
Member

At the moment Matomo only shows the following error:

Fehler : Sicherheitschecks fehlgeschlagen. Bitte laden Sie das Formular erneut und prüfen Sie, ob Ihr Browser Cookies zulässt. Wenn Sie einen Proxy Server verwenden, müssen Sie Matomo so einrichten, dass es Proxy Header akzeptiert.

"InvalidNonceOrHeadersOrReferrer": "Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must %1$s configure Matomo to accept the proxy header%2$s that forwards the Host header. Also, check that your Referrer header is sent correctly.",

But when the user has Cookies enabled (which is pretty likely) and is sure that they don't use a reverse proxy (shouldn't it say reverse proxy instead of proxy in the message?), there is no way for them to troubleshoot this issue further, and they will most likely just give up on using Matomo.

Maybe all checks that could fail in verifyNonce() and isLocalUrl() should be logged or even help display a more helpful error message.

public static function verifyNonce($id, $cnonce)

public static function isLocalUrl($url)

@Findus23 Findus23 added c: Usability For issues that let users achieve a defined goal more effectively or efficiently. c: Onboarding For issues that make the experience of getting Matomo up and running better. labels Oct 24, 2020
@tsteur tsteur added c: Onboarding For issues that make the experience of getting Matomo up and running better. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. and removed c: Onboarding For issues that make the experience of getting Matomo up and running better. labels Oct 25, 2020
@tsteur tsteur added this to the Priority Backlog (Help wanted) milestone Oct 25, 2020
@Starker3
Contributor

Same error message occurs with the following in the console:
Cookie "MATOMO_SESSID" has been rejected because there is an existing "secure" cookie.

This error occurs when connecting to Matomo over http when previously connecting over https. It could be useful to add additional text in the default error message along the following lines:
If you previously connected using https, please ensure you are connecting over a secure (SSL/TLS) connection and try again
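
An added sketch of the per-check failure reasons requested in this issue. It is not Matomo's code and not from either commenter. The function name, session layout, reason codes and the checks themselves are assumptions, since the page does not show what verifyNonce() or isLocalUrl() actually test.

```php
<?php
// Hypothetical sketch (not Matomo's implementation): return a distinct reason
// code per failed check so the server log can say which one rejected the form.
function diagnoseNonceFailure(array $session, array $server, string $id, string $cnonce, string $trustedHost): ?string
{
    // No nonce stored for this form: the session cookie did not come back, e.g.
    // cookies are blocked or a "secure" cookie is withheld on a plain-http request.
    if (!isset($session[$id]['nonce'], $session[$id]['expires'])) {
        return 'no_nonce_in_session';
    }
    if ($session[$id]['expires'] < time()) {
        return 'nonce_expired';
    }
    // Constant-time comparison of the stored and the submitted nonce.
    if (!hash_equals((string) $session[$id]['nonce'], $cnonce)) {
        return 'nonce_mismatch';
    }
    // Host header (port stripped) must match the configured host; a reverse
    // proxy that does not forward Host fails here.
    $trusted = strtolower($trustedHost);
    $host = strtolower(preg_replace('/:\d+$/', '', $server['HTTP_HOST'] ?? ''));
    if ($host !== $trusted) {
        return 'host_header_mismatch';
    }
    // A Referer header, when sent, must point at the same host.
    $referrer = $server['HTTP_REFERER'] ?? '';
    if ($referrer !== '') {
        $refHost = parse_url($referrer, PHP_URL_HOST);
        if (!is_string($refHost) || strtolower($refHost) !== $trusted) {
            return 'referrer_not_local';
        }
    }
    return null; // every check passed
}

// Constructed sample requests; host names, form id and nonce values are made up.
$stored = ['Login.login' => ['nonce' => 'a1b2c3', 'expires' => time() + 600]];
$cases = [
    'session cookie not sent' => [[], ['HTTP_HOST' => 'stats.example.org'], 'a1b2c3'],
    'proxy rewrote Host'      => [$stored, ['HTTP_HOST' => '127.0.0.1:8080'], 'a1b2c3'],
    'foreign referrer'        => [$stored, ['HTTP_HOST' => 'stats.example.org',
                                            'HTTP_REFERER' => 'https://other.example/x'], 'a1b2c3'],
    'valid request'           => [$stored, ['HTTP_HOST' => 'stats.example.org'], 'a1b2c3'],
];
foreach ($cases as $label => [$session, $server, $cnonce]) {
    $reason = diagnoseNonceFailure($session, $server, 'Login.login', $cnonce, 'stats.example.org');
    // Log only the reason code, never the nonce or cookie values.
    error_log(sprintf('nonce check [%s]: %s', $label, $reason ?? 'ok'));
}
```

Writing the reason code to the server log keeps the user-facing message generic while giving the administrator the specific check to investigate.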
