Feeling Lucky
No Code Attached Yet
bug
[#39610] - The sec-gpc header causes login to fail on Edge
- Closed
- 12 Jul 2023
- Medium
- Build: 3.10
- # 39610
Steps to reproduce the issue
- Set up a login menu item that is a different component from the home menu item.
- Using the Edge browser, use an extension to add
sec-gpc: 1to headers. - Try logging in.
Expected result
You log in normally.
Actual result
You get the error:
0 - Invalid controller: name='user', format=''
System information (as much as possible)
Server:
- Joomla 3.10
- LAMP Stack
- PHP 8.1.12
- MariaDB 10.6.8
Browser
- Windows 10 with Edge installed.
- The user originally encountered the issue with the "Avast Online Security & Privacy" extension installed, but just the header is enough to cause the issue for me.
Additional comments
The issue seems to be that when the form is submitted, the home page menu item controller is used instead of the login menu item controller. That causes issues in getInstance() in BaseController.php, generating a non-existent file path and throwing that error.
I'm not sure whether you'll look at bugs for Joomla 3.10, but it might be worth looking into whether the problem exists for Joomla 4 too.
| Labels |
Removed:
?
|
||
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
Hackwar
- | Labels |
Added:
bug
|
||
alikon
- | Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-07-12 07:53:51 |
| Closed_By | ⇒ | alikon |
Obscerno
- comment
- 12 Jul 2023
Ah okay. It's unfortunate that users won't be able to log into a Joomla site with the Avast extension, but I suppose you can't support every extension. If it were up to me I'd uninstall it from everyone's browsers but I can't do that, or make them uninstall it either.
That header is an experimental feature that is not supported by any of the supported browsers
https://caniuse.com/mdn-http_headers_sec-gpc