I want to use one of my NC bookmark app server folders on my company PC. Since a few weeks syncing is not possible any more with the error: Syncing failed with E033: Redirect detected.
( I guess: https://github.com/floccusaddon/floccus/commit/6946fc96c13b108e42af66474d6f1981398416b8)
I'm aware that there is a zscaler proxy which fiddles with the connection. Sync outside of the company network is as expected.
I was not sure whether to label it a bug or feature request. But since it broke a working setup I went with bug.
For this it would be good to have an option, which is default on, to deactivate this redirect check.
2021-04-08T09:10:50.208Z Starting sync process for account user@domain
2021-04-08T09:10:50.212Z Using "merge default" strategy (no cache available)
2021-04-08T09:10:50.221Z Overriding title of built-in node 1 Bookmarks => Bookmarks Bar
2021-04-08T09:10:50.543Z Syncing failed with E033: Redirect detected. Please install the Bookmarks app on your nextcloud and make sure the nextcloud URL you entered doesn't redirect to a different location.
Does the nextcloud URL you entered redirect to a different location? If so, then syncing is unlikely to work reliably. Make sure to enter the redirect target in the floccus settings instead.
Does the nextcloud URL you entered redirect to a different location?
No, the URL stays the same. I am logged in within the same browser to that account on the NC webui. I'm also doing CalDav connections to the same instance from this PC only floccus stopped connecting.
One obvious difference is that the SSL certificate issuer is different. It's from this zscaler proxy system my company uses. That's why I suspected it to be the problem.
My setup hasn't changed when floccus stopped connecting with that error.
_Company PC -https(company cert)-> Company Proxy -https(letsencrypt)-> Home Nginx SSL proxy -(http)-> nginx NC server_
Do you know what exactly is detected as redirect by that function.
According to the spec only 301 or 302 responses should be detected as a redirect.
So, from what I can see at the moment, either your proxy chain somehow returns a 30{1,2} at some point, or your browser is doing something funky.
You could try intercepting network traffic as follows:
about:debugging -> This firefoxdebug button next to floccus entrysync now for the account of your choice.chrome://extensionsDeveloper modedist/html/background.html button in floccus' entry next to "Inspect views: "sync now for the account of your choiceFrom Firefox (and Chrome) I get a 307 from the company proxy:
Request:
GET /nc/index.php/apps/bookmarks/public/rest/v2/folder/-1/hash HTTP/1.1
Host: mydomain.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: /
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic **
Connection: keep-alive
Response:
HTTP/1.1 307 Temporary Redirect
Content-Length: 0
Access-Control-Allow-Origin: *
Location: https://gateway.zscaler.net:443/auD?origurl=https%3A%2F%2Fmydomain%2eeu%2fnc%2findex%2ephp%2fapps%2fbookmarks%2fpublic%2frest%2fv2%2ffolder%2f%2d1%2fhash&wexps=1&_ordtok=qk43WVqQF3mkNmPNq2VDq7W0J2
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Set-Cookie: ssm_au_d=1;SameSite=None;Secure;path=/;domain=mydomain.eu
I get a 307 from the company proxy
Ah. I didn't consider 307 and 308. I'll make sure those are given a pass.
Sadly, it doesn't seem to be possible to distinguish between different redirect status codes :/
So, the options are now
a) prohibit all redirects, breaking 307 and 308
b) allow all redirects, giving a confusing error message for people that unknowingly have a 301/302 in their URL (POSTing to a 301 URL will redirect to a GET, breaking sync)
Update: I've opened an issue for this: https://github.com/whatwg/fetch/issues/1212
It's hard for me to tell how special my case is for your user base. I would be out of options when you choose a).
I don't know how much effort it would be, but
c) to create a GUI (or even more hidden) option: Allow redirects
By default you would block them.