mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-16 05:54:01 +03:00
🐛 Bug Report: Deploy without https cause redirection to login page after setup #639
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @PinkD on GitHub (Jan 30, 2026).
Reproduction steps
docker-compose, setAPP_URL=http://10.0.0.1:1411in the.envhttp://10.0.0.1:1411/setupand do the setup. Click on theSign Upbutton. We are redirected to/loginpageThe
setupresponse provided aSet-Cookieheader with theSecureoption included. Because the url is nothttps, the cookie is ignored. So when we visit the/mepage without cookie, we are redirected to/loginI modified
backend/internal/utils/cookie/add_cookie.go, rebuilt the docker image to test, the issue was fixed.ref: #130
If disabling secure cookie won't break anything, maybe we should introduce an option to do that for local test without https?
Expected behavior
After finishing setup, we should go to
/signup/add-passkeypage.Actual Behavior
We are on the
/loginpage.Pocket ID Version
version 2.2.0
Database
sqlite
OS and Environment
docker
Log Output
No response