Login fails with Safari

[trufae]

Describe the bug

I've tested the /admin after creating the user on Firefox, Chrome and Safari. Turns out it works in ff and chrome, but just redirects to /auth/login. From what i've observed the very first request doesn't respond with the Set-Cookie, so the login/pass request is just ignored. I think this is a bug in vweb, but would be good to double check just in case at least to use vaunt as a reproducer.

Expected Behavior

auth works

Current Behavior

auth ignored

Reproduction Steps

$ v run main.v --create-superuser
$ v run main.v
$ open http://localhost:8080/admin

• type admin / admin123 *

Possible Solution

No response

Additional Information/Context

No response

V version

V 0.4.0 ecca3b1

Environment details (OS name and version, etc.)

$ v doctor
V full version: V 0.4.0 ecca3b1
OS: macos, macOS, 13.4.1, 22F82
Processor: 10 cpus, 64bit, little endian, Apple M1 Max

getwd: /Users/pancake/prg/vaunt
vexe: /Users/pancake/prg/v/v
vexe mtime: 2023-08-01 22:30:20

vroot: OK, value: /Users/pancake/prg/v
VMODULES: OK, value: /Users/pancake/.vmodules
VTMP: OK, value: /tmp/v_501

Git version: git version 2.39.2 (Apple Git-143)
Git vroot status: weekly.2022.50-1292-gecca3b15
.git/config present: true

CC version: Apple clang version 14.0.3 (clang-1403.0.22.14.1)
thirdparty/tcc status: thirdparty-macos-arm64 a668e5a0

[Casper64]

Hi, cool you're using Vaunt 😎.
It is normal that you are redirected from /admin to /auth/login the first time, because you still have to login and then the cookies are set. I'll add this to the documentation.

From what i've observed the very first request doesn't respond with the Set-Cookie, so the login/pass request is just ignored

Could you elobrate on this? Are you able to access the admin panel on safari when you login? I am able to login on safari on my iPhone, even after the redirect.

[trufae]

It's not working for me. It doesnt matter which password or user i pass it never says invalid psssword or accesses the admin panel, i tried with safari on desktop. Didnt tried with mobilesafari, but checking the network logs the cookie is never trasnfered

[Casper64]

I think the issue is that the cookie is set with the secure attribute as default, but when developing on http://localhost the cookie will be rejected by safari, because it's not an https website.

Chrome and firefox treat http://localhost as a special domain and allow the cookie.

I can't really test this theory, since I don't own a mac. But I'll see what I can do to make secure optional for dev testing.

It could also be a privacy setting that you have enabled on safari which rejects the cookies.

For now I recommend you develop on chrome/firefox and if you really want to use safari, you could just copy the cookie manually.