FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. tiksn
    T
    • Profile
    • Following 0
    • Followers 0
    • Topics 1
    • Posts 1
    • Best 0
    • Controversial 0
    • Groups 0

    tiksn

    @tiksn

    0
    Reputation
    1
    Profile views
    1
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    Location Tulsa, OK, USA
    tiksn Unfollow Follow

    Latest posts made by tiksn

    • HTTP 403 Forbidden Error Encountered When Login Attempted from http://we.dev.localtest.me:4211

      What happened?

      Summary

      When attempting to log in from my application hosted on http://we.dev.localtest.me:4211/, an HTTP 403 Forbidden error is encountered. However, the redirection from http://localhost:4211/ works as expected.

      Caveat
      we.dev.localtest.me resolves to 127.0.0.1. localtest.me is a special domain that resolves to A=127.0.0.1 and AAAA = ::1. It is a convenient way to test a multi-tenant application locally.

      Steps to Reproduce: (My Local Setup)

      1. Create tenant
      2. Create an application for that tenant.
      3. Configure Authorized origins and Authorized redirects to contain http://localhost:4211 and http://we.dev.localtest.me:4211 (4211 is a port that UI is hosted on)
      4. Navigate to http://localhost:4211 and click login.
      5. It redirects to http://localhost:9011/ (FusionAuth also running in docker).
      6. Type the email and password from one of the users.
      7. Redirects back to http://localhost:4211.
      8. Navigate to http://we.dev.localtest.me:4211 and click login.
      9. It redirects to http://localhost:9011/ with status code 403 Forbidden.

      Expected Result:

      Login from http://we.dev.localtest.me:4211 should work identically to http://localhost:4211.

      Actual Result:

      FusionAuth fails to redirect back to http://we.dev.localtest.me:4211. It results in HTTP 403.

      Additional Information:

      • Environment: Development
      • Version: 1.53.2
      • My Repo - fossa-app/scripts

      Proposed Solution:

      Environment variable that allows insecure redirects (redirect to HTTP instead of HTTPS only)

      Notes

      Nothing is logged in docker console during the HTTP 403 error.

      Version

      1.53.2

      Affects Versions

      No response

      Note: This is a cross reference of an issue that I reported in GitHub github.com/FusionAuth/fusionauth-issues/issues/2876

      posted in Q&A
      T
      tiksn