secure attachments manual + own logo breaks oicd #4443

New Issue

Closed

opened 2026-02-05 08:54:10 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 08:54:10 +03:00

Owner

Copy Link

Originally created by @DunklerPhoenix on GitHub (Jan 31, 2024).

Describe the Bug

If I set a custom logo, the attachments to local_secure_restricted or local_secure, move all images from public/uploads/images to storage/upload/images then the logo doesn't get loaded anymore.
This breaks the oicd, because the oicd provider (authelia) says that the request was invalid because it was sent twice.
("the client is using the explicit consent mode and this consent session has already been responded to")
If I move the images back to public, oicd is working again.

Steps to Reproduce

1. Use authelia as oicd
2. Set a custom bookstack logo
3. Set up oicd in bookstack
4. (Optional) set auto login in bookstack oicd settings
5. Set the attachments configuration to local_secure_restricted
6. Move the whole content from public/uploads/images to storage/uploads/images
7. Try to log in
8. The first 1 or 2 logins works (maybe because of the cached logo)
9. If the logo isnt in the cache anymore it cant be loaded and the oicd request get into a endless loop because of:
10. "the client is using the explicit consent mode and this consent session has already been responded to"

Expected Behaviour

The logo gets always loaded or the manual mentions an explicit exception of the folder with the logo image while moving from public to storage

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

23.12.2

Edit:
No additional error logs are generated by authelia or bookstack. Just the error message above.

Originally created by @DunklerPhoenix on GitHub (Jan 31, 2024). ### Describe the Bug If I set a custom logo, the attachments to local_secure_restricted or local_secure, move all images from public/uploads/images to storage/upload/images then the logo doesn't get loaded anymore. This breaks the oicd, because the oicd provider (authelia) says that the request was invalid because it was sent twice. ("the client is using the explicit consent mode and this consent session has already been responded to") If I move the images back to public, oicd is working again. ### Steps to Reproduce 1. Use authelia as oicd 2. Set a custom bookstack logo 3. Set up oicd in bookstack 4. (Optional) set auto login in bookstack oicd settings 5. Set the attachments configuration to local_secure_restricted 6. Move the whole content from public/uploads/images to storage/uploads/images 7. Try to log in 8. The first 1 or 2 logins works (maybe because of the cached logo) 9. If the logo isnt in the cache anymore it cant be loaded and the oicd request get into a endless loop because of: 10. "the client is using the explicit consent mode and this consent session has already been responded to" ### Expected Behaviour The logo gets always loaded or the manual mentions an explicit exception of the folder with the logo image while moving from public to storage ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version 23.12.2 Edit: No additional error logs are generated by authelia or bookstack. Just the error message above.

OVERLORD added the 🐛 Bug label 2026-02-05 08:54:10 +03:00

OVERLORD closed this issue 2026-02-05 08:54:14 +03:00

OVERLORD commented 2026-02-05 08:54:22 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jan 31, 2024):

Hi @DunklerPhoenix,
After migrating to a "secure" storage option, re-upload any app-icons so they get placed into the public storage space again. Alternatively you could selectively leave these specific images in the public space, but that may be more fiddly.

@ssddanbrown commented on GitHub (Jan 31, 2024): Hi @DunklerPhoenix, After migrating to a "secure" storage option, re-upload any app-icons so they get placed into the public storage space again. Alternatively you could selectively leave these specific images in the public space, but that may be more fiddly.

OVERLORD commented 2026-02-05 08:54:24 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Mar 9, 2024):

Since this was answered with no further follow-up I'll go ahead and close this off.

@ssddanbrown commented on GitHub (Mar 9, 2024): Since this was answered with no further follow-up I'll go ahead and close this off.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐛 Bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4443