Details
Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
On a site that allows anonymous access to several pages, clicking on a restricted page will redirect you to a login page. In certain circumstances, after login the user will be redirected to their preferred homepage.action, rather than the page. This can occur when the page permissions prevent viewing the page, but space permissions would normally allow it.
If the space prevents access, the redirect will complete normally.
This can only occur where there is a reverse proxy server in front of the servlet container running Confluence, and Confluence is configured with a base URL that points to the proxy server, rather than Confluence's own server.
Diagnosis
This issue can be diagnosed by
- Enabling debug logging on the following packages:
com.atlassian.confluence.pages.actions com.atlassian.seraph
- When not logged in, browsing to a page known to cause the issue
- Inspecting the atlassian-confluence.log and noting that PageNotPermittedAction invokes setPage immediately before BaseLoginFilter attempts login for a URL with the wrong prefix
- Repeating for a page known not to cause the issue, and noting no similar pattern in the logs.
Workaround
Set the Confluence base URL to be its own URL - this will resolve this issue, but may still cause other issues in javascript. Test with care.
Attachments
Issue Links
- relates to
-
CONFCLOUD-22544 Redirect after login for certain pages can be discarded
-
- Closed
-