Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HTTP redirect detection breaks connection in some (corporate) networks

See original GitHub issue

Describe the bug

I want to use one of my NC bookmark app server folders on my company PC. Since a few weeks syncing is not possible any more with the error: Syncing failed with E033: Redirect detected. ( I guess: https://github.com/floccusaddon/floccus/commit/6946fc96c13b108e42af66474d6f1981398416b8)

I’m aware that there is a zscaler proxy which fiddles with the connection. Sync outside of the company network is as expected.

I was not sure whether to label it a bug or feature request. But since it broke a working setup I went with bug.

Expected behavior

For this it would be good to have an option, which is default on, to deactivate this redirect check.

Desktop

OS: Windows 10
Browser chrome, firefox, brave
Floccus version: 4.6.1
Floccus sync method: nextcloud bookmarks

Server

OS: [Raspberry Pi OS buster]
Nextcloud version: [21.0]
Bookmarks app version: [4.1.0]

Debug log

Debug log provided

2021-04-08T09:10:50.208Z Starting sync process for account user@domain
2021-04-08T09:10:50.212Z Using "merge default" strategy (no cache available)
2021-04-08T09:10:50.221Z Overriding title of built-in node 1 Bookmarks => Bookmarks Bar
2021-04-08T09:10:50.543Z Syncing failed with E033: Redirect detected. Please install the Bookmarks app on your nextcloud and make sure the nextcloud URL you entered doesn't redirect to a different location.

Issue Analytics

State:
Created 2 years ago
Comments:9 (5 by maintainers)

Top GitHub Comments

2reactions

efeloncommented, Apr 9, 2021

It’s hard for me to tell how special my case is for your user base. I would be out of options when you choose a).

I don’t know how much effort it would be, but

c) to create a GUI (or even more hidden) option: Allow redirects

By default you would block them.

2reactions

efeloncommented, Apr 8, 2021

From Firefox (and Chrome) I get a 307 from the company proxy:

Request:

GET /nc/index.php/apps/bookmarks/public/rest/v2/folder/-1/hash HTTP/1.1 Host: mydomain.eu User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate, br Authorization: Basic **** Connection: keep-alive

Response:

HTTP/1.1 307 Temporary Redirect Content-Length: 0 Access-Control-Allow-Origin: * Location: https://gateway.zscaler.net:443/auD?origurl=https%3A%2F%2Fmydomain.eu%2Fnc%2Findex.php%2Fapps%2Fbookmarks%2Fpublic%2Frest%2Fv2%2Ffolder%2F-1%2Fhash&wexps=1&_ordtok=qk43WVqQF3mkNmPNq2VDq7W0J2 Content-Type: text/html P3P: CP=“NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM” Set-Cookie: ssm_au_d=1;SameSite=None;Secure;path=/;domain=mydomain.eu

Top Results From Across the Web

3 Ways to Prevent a URL Redirect Attack - SiteLock

Cybercriminals use these URL redirection attacks to take advantage of users' trust. They do this by redirecting traffic to a malicious web page ......

Redirections in HTTP - MDN Web Docs - Mozilla

In HTTP, redirection is triggered by a server sending a special redirect response to a request. Redirect responses have status codes that start ......

Open redirects: real-world abuse and recommendations ...

Open URL redirection is a class of web application security problems that makes it easier for attackers to direct users to malicious resources....

HTTP Redirects with DNS, and Why HTTPS Redirects are So

What are redirects? Redirects are commonly used to tell website visitors and search engines which URL is the one you want them to...

How to Solve This Webpage has a Redirect Loop Problem

When you redirect one URL to another —this should be a linear flow. ... modern browsers are able to detect such redirect loops...