[debug] LiveView session doesn't work with Brave browser #806
Comments
|
I also use Brave and I have never run into any issues. Maybe there is some particular setup in your Brave installation that is making it not work? To be double sure, I just created a new app and everything worked just fine here. |
|
Also be aware that "old" tabs running a previous app on localhost will attempt to reconnect and provide invalid csrftokens. |
|
Closing this as I can’t replicate. If you have more info, please let us know! |
|
I just did a clean Ubuntu 19.10 VM install and re-installed the full phoenix stack from scratch. I can't reproduce the issue on the new VM. Only the old one. Humble apologies for the false alarm. |
|
FWIW I just stumbled upon this problem as well and it was due to a misconfiguration in the In my specific case I was including |
|
I also came across this issue — I use Firefox for development and browsing. Absolutely no issues. Was debugging something else and decided to test on Chrome, clean version with no pre-existing cookies etc. Like @yeraydiazdiaz I also had enabled cookie setting |
|
I have seen this issue in kind of a reversed order. I added |
This is a real issue! Anyone could suggest the cure?? |
|
Brave has known broken websockets (not framework specific) for years now: |
|
But don't anyone panic, you can rest assured that Brave will continue to have those Websocket issues for years to come, because they don't seem to care at all about fixing it. |
Environment
Actual behavior
Start a new app with:
mix phx.new appname --live
mix phx.server
Use Brave browser and Go to:
http://localhost:4000
Get the following:
[info] Sent 200 in 113ms
[debug] LiveView session was misconfigured or the user token is outdated.
Ensure your session configuration in your endpoint is in a module attribute:
@session_options [
...
]
Change the
plug Plug.Sessionto use said attribute:plug Plug.Session, @session_options
Also pass the
@session_optionsto your LiveView socket:socket "/live", Phoenix.LiveView.Socket,
websocket: [connect_info: [session: @session_options]]
Define the CSRF meta tag inside the
<head>tag in your layout:<%= csrf_meta_tag() %>
Pass it forward in your app.js:
let csrfToken = document.querySelector("meta[name='csrf-token']").getAttribute("content");
let liveSocket = new LiveSocket("/live", Socket, {params: {_csrf_token: csrfToken}});
[info] REFUSED CONNECTION TO Phoenix.LiveView.Socket in 256µs
Transport: :websocket
Serializer: Phoenix.Socket.V2.JSONSerializer
Parameters: %{"_csrf_token" => "JxEcKVwQcxU9VFJ0EzRAWAJUZ1sACSUyHKfO5UKsp8d2aL8j2bWosAsS", "vsn" => "2.0.0"}
Expected behavior
Should work out of the box.
Works ok using Firefox and Chrome
Brave's "Shields down" setting for 'localhost' doesn't help.
This isn't a Phoenix issue directly - but unless there's a workaround LiveView won't work for a quickly growing number of web users.
The text was updated successfully, but these errors were encountered: