BookStack: 419 Page Expired

After upgrading to the latest release, which is version 21.04, I cannot log in on the Win10 Chrome and Edge browsers.

Every time I log in, it displays something like this:

image

The weirdest thing is, I can log in on my phone, which is Android 11 MIUI Edge browser.

This issue never happened before this upgrade. I can assure you the APP_URL in the env file is correct.

Please investigate as it is really an emergent problem.

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 17 (6 by maintainers)

Most upvoted comments

When I went to implement the @MFYDev method, I found that those lines did not exist in my .env so I added them, which resolved the issue for me. When it happens again, then I’ll remove them.

@MFYDev No problem, happy to hear you got it working!

I’d imagine it was just the SESSION_SECURE_COOKIE=false line that was causing issues. This would conflict with the requirements for cookies to be used in an embedded context. BookStack will now dynamically set that option anyway based upon your APP_URL value.

@MFYDev This is the entire contents of the .env for the demo site:

APP_ENV=demo
APP_DEBUG=false
APP_KEY=REDACTED

DB_HOST=localhost
DB_DATABASE=REDACTED
DB_USERNAME=REDACTED
DB_PASSWORD=REDACTED

CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

MAIL_DRIVER=log
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null

GITHUB_APP_ID=false
GITHUB_APP_SECRET=false
GOOGLE_APP_ID=false
GOOGLE_APP_SECRET=false

# URL for social login redirects, NO TRAILING SLASH
APP_URL=https://demo.bookstackapp.com

ALLOWED_IFRAME_HOSTS="https://danb.me"

If you’re able to provide an example of a failing embed I can inspect the headers and make sure everything is aligned or see if there are other things causing interference. Don’t need access/login to the BookStack instance, just an example of it embedded.

@MFYDev I’ve set up a replicated test of using this option here: https://danb.me/embed.html

Can you attempt login to the demo site via the iframe in that test page and let me know if that works for you?

That value appears correct. Were you getting the 419 issue just on embedded/iframed versions of BookStack or did you get this error all the time, even when using the proper domain?

Setting that value does change how cookies are handled. It may be the case that old cookies are interfering with new cookies that BookStack is attempting to set. It’ll be worth completely clearing cookies, or trying to login & use BookStack within a fresh incognito/private window to see if the issue remains.

Hi @MFYDev,

  • What version did you upgrade from?
  • Does the APP_URL value exactly match the public base URL for BookStack that will be accessed in the browser, including the starting https/http, with no trailing slash?
  • Are you always connecting over https? Or both http and https? Or just http?
  • What files exist in the bootstrap/cache folder within your BookStack install folder?
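
The checks discussed in the comments above (APP_URL form, and SESSION_SECURE_COOKIE=false alongside ALLOWED_IFRAME_HOSTS) can be run against a .env file before digging into headers. This is an added example, not code from the thread or from BookStack; the function names and the two sample .env texts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: the combination the thread identifies as failing.
FAILING_ENV = """
APP_URL=https://wiki.example.com/
SESSION_SECURE_COOKIE=false
ALLOWED_IFRAME_HOSTS="https://portal.example.com"
"""

# Constructed sample: same instance with the offending lines corrected.
FIXED_ENV = """
# URL for social login redirects, NO TRAILING SLASH
APP_URL=https://wiki.example.com
ALLOWED_IFRAME_HOSTS="https://portal.example.com"
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments, unquoting values."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def check_session_settings(env):
    """Return findings for the session/cookie settings raised in the thread."""
    findings = []
    app_url = env.get("APP_URL", "")
    parts = urlsplit(app_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        findings.append("APP_URL must start with http:// or https:// and name the host")
    if app_url.endswith("/"):
        findings.append("APP_URL has a trailing slash")
    iframe_hosts = env.get("ALLOWED_IFRAME_HOSTS", "").split()
    secure = env.get("SESSION_SECURE_COOKIE", "").lower()
    # Browsers only send cookies in an embedded (third-party) context if they are Secure.
    if iframe_hosts and secure == "false":
        findings.append("SESSION_SECURE_COOKIE=false conflicts with ALLOWED_IFRAME_HOSTS")
    if iframe_hosts and parts.scheme == "http":
        findings.append("ALLOWED_IFRAME_HOSTS is set but APP_URL is http, so cookies cannot be Secure")
    return findings

if __name__ == "__main__":
    for name, text in (("failing", FAILING_ENV), ("fixed", FIXED_ENV)):
        print(name, check_session_settings(parse_env(text)))
```

After changing any of these values, clear existing cookies or test in a private window, as suggested above, so stale cookies do not mask the result.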