Broken Api Token back button #3371

New Issue

OVERLORD · 2026-02-05T06:31:16+03:00

OVERLORD commented

2026-02-05 06:31:16 +03:00

Originally created by @McHill007 on GitHub (Nov 30, 2022).

Describe the Bug

hi,
it seems like the back button when creating or deleting a token is not working using bookstack with IIS.
The redirect is cutting off the subfolder in the url

href => https://localhost/docs/settings/users/19/#api_tokens (The link still contains docs)
redirect to => https://localhost/settings/users/19/#api_tokens (Redirect does not contain docs anymore)

Steps to Reproduce

Goto Edit Profile
Create Token
Save Token
Press Back <-- error
or
5.- Delete Token
Press confirm <--error

Expected Behaviour

Return to user settings page

Screenshots or Additional Context

Browser Details

Chrome

Exact BookStack Version

BookStack v22.10.2

PHP Version

8.1

Hosting Environment

Windows Server 2019 with IIS

Originally created by @McHill007 on GitHub (Nov 30, 2022). ### Describe the Bug hi, it seems like the back button when creating or deleting a token is not working using bookstack with IIS. The redirect is cutting off the subfolder in the url href => https://localhost/docs/settings/users/19/#api_tokens (The link still contains docs) redirect to => https://localhost/settings/users/19/#api_tokens (Redirect does not contain docs anymore) ### Steps to Reproduce 1. Goto Edit Profile 2. Create Token 3. Save Token 4. Press Back <-- error or 5.- Delete Token 6. Press confirm <--error ### Expected Behaviour Return to user settings page ### Screenshots or Additional Context ![image](https://user-images.githubusercontent.com/32106919/204854544-17e1f57c-8292-48ca-8fc3-a1d16822f637.png) ### Browser Details Chrome ### Exact BookStack Version BookStack v22.10.2 ### PHP Version 8.1 ### Hosting Environment Windows Server 2019 with IIS

OVERLORD added the 🐛 Bug label 2026-02-05 06:31:16 +03:00

OVERLORD closed this issue

2026-02-05 06:31:22 +03:00

OVERLORD commented

2026-02-05 06:31:24 +03:00

@ssddanbrown commented on GitHub (Nov 30, 2022):

Have gone through the same flow on our demo instance and my local dev instance, where my local dev instance is hosted on a sub-path. All works as expected.

Really these are just normally generated URLs like any other in the system, the only difference is that have a hash in them.
Makes my think it could be the sub-path handling on the IIS side being thrown off by the hashes.
Couple of questions:

Does this also occur when using the "Settings > Maintenance > Send a Test Email" option?
Is the APP_URL env option for your instance set to exactly https://localhost/docs?

@ssddanbrown commented on GitHub (Nov 30, 2022): Have gone through the same flow on our demo instance and my local dev instance, where my local dev instance is hosted on a sub-path. All works as expected. Really these are just normally generated URLs like any other in the system, the only difference is that have a hash in them. Makes my think it could be the sub-path handling on the IIS side being thrown off by the hashes. Couple of questions: - Does this also occur when using the "Settings > Maintenance > Send a Test Email" option? - Is the `APP_URL` env option for your instance set to exactly `https://localhost/docs`?

OVERLORD commented

2026-02-05 06:31:28 +03:00

@McHill007 commented on GitHub (Nov 30, 2022):

Does this also occur when using the "Settings > Maintenance > Send a Test Email" option?

I'm getting an error since I didnt setup mail

Is the APP_URL env option for your instance set to exactly https://localhost/docs?

Yes, I also rerun the db update script artisan as stated in the env file

@McHill007 commented on GitHub (Nov 30, 2022): > * Does this also occur when using the "Settings > Maintenance > Send a Test Email" option? I'm getting an error since I didnt setup mail > * Is the `APP_URL` env option for your instance set to exactly `https://localhost/docs`? Yes, I also rerun the db update script artisan as stated in the env file

OVERLORD commented

2026-02-05 06:31:32 +03:00

@ssddanbrown commented on GitHub (Nov 30, 2022):

Alrighty, thanks, additional questions:

If you go back to the edit area for an API token, and hover over the "Back" button, does the URL look correct (With the /docs included?)
- If not, what about when hovering over the "Delete" button?

@ssddanbrown commented on GitHub (Nov 30, 2022): Alrighty, thanks, additional questions: - If you go back to the edit area for an API token, and hover over the "Back" button, does the URL look correct (With the `/docs` included?) - If not, what about when hovering over the "Delete" button?

OVERLORD commented

2026-02-05 06:31:33 +03:00

@McHill007 commented on GitHub (Nov 30, 2022):

Just testing that, and it seems to look fine. I guess it's related to the created rewrite rules.

@McHill007 commented on GitHub (Nov 30, 2022): Just testing that, and it seems to look fine. I guess it's related to the created rewrite rules.

OVERLORD commented

2026-02-05 06:31:35 +03:00

@ssddanbrown commented on GitHub (Nov 30, 2022):

Yeah, that would be my guess since BookStack is generating the URLs properly by the sounds of things.
Could maybe be a side affect with BookStack handling hashes on sub-path requests, but would have thought I'd be getting that too in my dev environment if it's an app-level problem.

@ssddanbrown commented on GitHub (Nov 30, 2022): Yeah, that would be my guess since BookStack is generating the URLs properly by the sounds of things. Could maybe be a side affect with BookStack handling hashes on sub-path requests, but would have thought I'd be getting that too in my dev environment if it's an app-level problem.

OVERLORD commented

2026-02-05 06:31:39 +03:00

@McHill007 commented on GitHub (Nov 30, 2022):

Well strange is, if I type the url directly to the browser it works without problem. In this case I would think, it's not a redirect problem.
https://localhost/docs/settings/users/19#api_tokens

Strange behavior.

@McHill007 commented on GitHub (Nov 30, 2022): Well strange is, if I type the url directly to the browser it works without problem. In this case I would think, it's not a redirect problem. https://localhost/docs/settings/users/19#api_tokens Strange behavior.

OVERLORD commented

2026-02-05 06:31:46 +03:00

@ssddanbrown commented on GitHub (Nov 30, 2022):

Very strange. Is it for sure 100% the same URL, including the starting protocol (https:// vs http://)?
Could maybe see this if there was an internal redirect from http to https.

Otherwise, not sure why those two actions would differ.

@ssddanbrown commented on GitHub (Nov 30, 2022): Very strange. Is it for sure 100% the same URL, including the starting protocol (`https://` vs `http://`)? Could maybe see this if there was an internal redirect from http to https. Otherwise, not sure why those two actions would differ.

OVERLORD commented

2026-02-05 06:31:49 +03:00

@McHill007 commented on GitHub (Dec 2, 2022):

No not 100% the same.
https://localhost/docs/settings/users/19#12 <--- ok
https://localhost/docs/settings/users/19/#12 <--- broken

I'm quite sure it's related to the following IIS rewrite rule, but I didn't manage to fix it.

I removed the anchors from the token view and the userapitokencontroller and it works - of course the redirect is not jumping to the token anchor anymore, but that's ok for me.

@McHill007 commented on GitHub (Dec 2, 2022): No not 100% the same. https://localhost/docs/settings/users/19#12 <--- ok https://localhost/docs/settings/users/19/#12 <--- broken I'm quite sure it's related to the following IIS rewrite rule, but I didn't manage to fix it. ![image](https://user-images.githubusercontent.com/32106919/205333397-a14effa1-abd9-4def-94c0-587569c7e303.png) I removed the anchors from the token view and the userapitokencontroller and it works - of course the redirect is not jumping to the token anchor anymore, but that's ok for me.

OVERLORD commented

2026-02-05 06:31:54 +03:00

@ssddanbrown commented on GitHub (Dec 2, 2022):

@McHill007 I have no idea about IIS and its redirect system, but looking at the regex you might have slightly better luck by keeping the end anchor and instead make the slash optional: ^(.*)/?$. Should ensure it matches up to the end while retaining the same behavior you currently have by omitting trailing slashes.

@ssddanbrown commented on GitHub (Dec 2, 2022): @McHill007 I have no idea about IIS and its redirect system, but looking at the regex you might have slightly better luck by keeping the end anchor and instead make the slash optional: `^(.*)/?$`. Should ensure it matches up to the end while retaining the same behavior you currently have by omitting trailing slashes.

OVERLORD commented

2026-02-05 06:31:56 +03:00

@McHill007 commented on GitHub (Dec 2, 2022):

I tried that, but with the rule ^(.*)/?$ I get the mentioned problem with every link - it cuts off the docs/. I also tried to remove the hash tags with a sperate rule - no luck.

@McHill007 commented on GitHub (Dec 2, 2022): I tried that, but with the rule `^(.*)/?$` I get the mentioned problem with every link - it cuts off the docs/. I also tried to remove the hash tags with a sperate rule - no luck.

OVERLORD commented

2026-02-05 06:32:00 +03:00

@ssddanbrown commented on GitHub (Feb 6, 2023):

I'm going to go ahead and close this off since, from above, I have not seen it as an issue in BookStack's handling and since I can't dig into this much further without spending a fair amount of time in an attempt to replicate the environment.

@ssddanbrown commented on GitHub (Feb 6, 2023): I'm going to go ahead and close this off since, from above, I have not seen it as an issue in BookStack's handling and since I can't dig into this much further without spending a fair amount of time in an attempt to replicate the environment.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3371