Adding security key not possible #2505

Closed
opened 2025-11-02 04:38:51 -06:00 by GiteaMirror · 0 comments
Owner

Originally created by @pheerai on GitHub (Nov 8, 2018).

  • Gitea version (or commit ref): 1.5.3
  • Git version: 2.11.0
  • Operating system: Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2018-10-08) x86_64 GNU/Linux
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No (but that one throws an HTTP 500 on registering, so no real possibility for that)
    • Not relevant
  • Log gist: https://gist.github.com/pheerai/5076734a2e962fcb7246810f869a491a
    (Note that the last line is unrelated to the issue and seems to be triggered by some sweep scan)

Description

On my setup using a gitea instance behind an NGinx reverse proxy using a root URL of the form https://example.org/git/ I cannot add a security key.

This seems to emerge from the fact that the URL of the security key form does not respect the fiven root (it is https://example.org/user/settings/security/u2f/request_register instead of https://example.org/git/user/settings/security/u2f/request_register

Screenshots

This is the debug output of the request that occurs in the moment I click the "add security key" button. It fails as the intermediate /git is missing.

gitea_u2f_error_redacted

Originally created by @pheerai on GitHub (Nov 8, 2018). <!-- 1. Please speak English, this is the language all of us can speak and write. 2. Please ask questions or configuration/deploy problems on our Discord server (https://discord.gg/NsatcWJ) or forum (https://discourse.gitea.io). 3. Please take a moment to check that your issue doesn't already exist. 4. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report. --> - Gitea version (or commit ref): 1.5.3 - Git version: 2.11.0 - Operating system: `Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2018-10-08) x86_64 GNU/Linux` - Database (use `[x]`): - [ ] PostgreSQL - [X] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [X] No (but that one throws an HTTP 500 on registering, so no real possibility for that) - [ ] Not relevant - Log gist: https://gist.github.com/pheerai/5076734a2e962fcb7246810f869a491a (Note that the last line is unrelated to the issue and seems to be triggered by some sweep scan) ## Description On my setup using a gitea instance behind an NGinx reverse proxy using a root URL of the form `https://example.org/git/` I cannot add a security key. This seems to emerge from the fact that the URL of the security key form does not respect the fiven root (it is `https://example.org/user/settings/security/u2f/request_register` instead of `https://example.org/git/user/settings/security/u2f/request_register` ## Screenshots This is the debug output of the request that occurs in the moment I click the "add security key" button. It fails as the intermediate `/git` is missing. ![gitea_u2f_error_redacted](https://user-images.githubusercontent.com/1502291/48217441-a39f0d00-e387-11e8-8994-ad81bc4444a7.png)
GiteaMirror added the type/bug label 2025-11-02 04:38:51 -06:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#2505