Infinite redirects in Firefox

psaffrey · March 24, 2023, 4:45pm

I am using Auth0 to integrate Python Dash applications with Auth0. I am using this wrapping:

dbrambilla13/dash-auth0-auth (github.com)

My app is deployed in AWS ECS behind an ALB and I’m using CloudFlare as the DNS provider. All this works perfectly for most users in Chrome and Edge, but some users are experiencing problems. I’m only able to reproduce in Firefox, so I’m looking there at the moment.

When I first visit the page, I’m asked to login (via an Azure AD integration) and then it redirects and bounces back and forth a few times before complaining like this:

Here is the network log:

I’ve blanked out my domain - I hope this isn’t necessary to debug the problem. You can see that from my page there is a redirect to my auth0 domain (dev-ep515…) with response_type=code and this sends back to callback (on HTTP), which itself redirects to the equivalent on HTTPS and this bounces back to my auth0 domain forever. It does look as if between HTTP and HTTPS the “callback” part of the URL has been stripped - is this needed?

After some Googling, I did find a suggestion to set “Always use private browsing mode” in the history section of Firefox’s Privacy and Security settings and that fixes the problem. Now it looks like this:

but I’m not sure this explains why some users are experiencing problems with Edge and Chrome. I guess there could be a problem with dash-auth0-auth but I’d appreciate any pointers on where to look.

konrad.sopala · March 27, 2023, 6:54am

Hey there!

Unfortunately it will be hard for us to advise on her as you are using a wrapper that is not officially developed by Auth0 but maybe someone else from community will be able to help!

psaffrey · April 6, 2023, 9:47am

OK, I fixed this. I’m really not sure why it was only broken on Firefox, but I’ll document what I did here in case it helps somebody else.

The problem was in the redirect step. My Dash app was hosted on AWS ECS behind an ALB with TLS (https) enabled. I noticed that the redirect requested by my app was to http and not https - the redirect settings in Auth0 were also using http. I had a listener rule set on my ALB redirecting http back to https but that didn’t seem to work on Firefox.

To fix the problem, I used the wsgi Proxy fix documented here:

X-Forwarded-For Proxy Fix — Werkzeug Documentation (0.16.x) (palletsprojects.com)

Once I wrapped my Dash app with this:

app = Dash("my_app")
app.server.wsgi_app = ProxyFix(app.server.wsgi_app, x_for=1, x_host=1)

it properly redirected to https. I had to change my Auth0 redirect configuration to also use https, but that seems like the right choice. After that, the infinite redirect stopped.

konrad.sopala · April 6, 2023, 11:52am

Perfect! Thanks for sharing it with the rest of community!

system · April 20, 2023, 11:52am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Continuous redirects for firefox Help auth0 , login	2	3077	August 15, 2019
Auth fail && loop refresh in Firefox && Anonymous tab chrome Help angular , auth0 , firefox	4	6234	April 24, 2021
Angular 9 application with Auth0 keeps on redirecting after successful login in Firefox Help angular , auth0 , redirect , firefox	9	12639	July 18, 2020
Auth0-react in incognito mode running infinite redirect loop Help auth0-react , login-experience , sdks-quickstarts	1	2076	April 18, 2023
Continuous redirect to authentication in Firefox Help authentication , issue , firefox	7	6511	March 2, 2018

Infinite redirects in Firefox

Related topics