Verified commit 5fb2abdf, authored by Sheogorath 🛫

mastodon: Fix 422-"Security verification failed"-errors

Mastodon was throwing "Security verification failed. Are you blocking
cookies?"-errors with an HTTP status 422[1]. This was caused by the
recent change of the docker-compose template in this role. [2]

The result was the mentioned 422 HTTP errors during POST requests, for
example an admin action or even a simple logout. The cause of those 422
statuses was the addition of the `no-referrer` instruction in the
`referrer`-policy. In Firefox, setting the policy like this does not
only, as the policy requires, omit the `Referer`-Header but also sets
the `Origin`-Header to `null`.

To put it nicely: Mastodon hates that.[3] It simply results in a 422
since Ruby doesn't seem to want to handle such a request,[4] as was
pointed out in a related issue.[5]

Therefore this patch changes the policy from `no-referrer` to `same-origin`.

[1]: https://tools.ietf.org/html/rfc4918#section-11.2
[2]: cbfef883
[3]: https://github.com/tootsuite/mastodon/issues/7738
[4]: https://github.com/rails/rails/issues/28299#issuecomment-335264502
[5]: https://github.com/tootsuite/mastodon/issues/6366#issuecomment-360803408
parent bd87d02d
......@@ -8,7 +8,7 @@ services:
labels:
- "traefik.frontend.rule=Host:{{ mastodon_domain }};PathPrefix:/"
- "traefik.frontend.headers.STSSeconds=63072000"
- "traefik.frontend.headers.referrerPolicy=no-referrer"
- "traefik.frontend.headers.referrerPolicy=same-origin"
- "traefik.enable=true"
{% if proxy_network is defined %}
- "traefik.docker.network={{ proxy_network }}"
......
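Review bot: the `referrerPolicy=same-origin` label in the traefik labels list has no explanation in the template, so a later hardening pass could switch it back to `no-referrer` and reintroduce the 422 errors described in the commit message. Add a short comment next to the label (a Jinja `{# ... #}` comment keeps it out of the rendered compose file) noting that `no-referrer` makes Firefox send `Origin: null` on POST requests, which Mastodon rejects. `same-origin` still sends no `Referer` header to other origins, so the cross-site privacy property of the previous setting is kept.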