Blank page loading for new accounts (v 3.50)


I updated my passbolt from v2.x to the latest (v3.5). Users with existing accounts can now connect to the new update without requesting recovery. However, for new users or a browser that was never connected, I get a blank page even though the passbolt plugin (addon) is installed. Checking on browser logs, I get the following:

Hi @Blacky,

This issue is cookie-related. Can you try to clean your cookies and retry ?
Another though, is your fullBaseUrl value in passbolt.php configuration file correct ? It should contain your passbolt URL, starting with https://

Are you still using an installation from source or did you migrated to our Ubuntu package ?

Best regards,

Hi @_jc
I have cleared cookies, even went to the extent of afresh browser installation. But I still get the same error. Check the following screenshots.

I am still using the installation from source.


If you open the developer tools of your browser, and go to the application table, do you have the csrfToken cookie ?

If you have a blank page, you should have your error logged in /var/www/passbolt/logs/error.log.


@_jc ,

I have a CSRFtoken but I still get a blank page. I get logs (error log) when the login page is displayed. But I don’t get any error log output when a blank page loads (I use tail -f and load page). Check the screenshots below:


@Blacky A next step would be to see if there are errors in the browser console. @_jc posted a description here Blank page after login - #4 by _jc

At this point we’re still working to find some errors that give us an understanding of the issue.

The csrfToken cookie should be accessible by the javascript, here the flag httpOnly is enabled where it shouldn’t.

Did you change the default configuration of the cookies in you config/app.php or config/passbolt.php files. Or do you enforce this at another level?

1 Like

I did not make any changes in config/passbolt.php or config/app.php. I will check at the original.

Thanks @cedric, @garrett and @_jc

The httpOnly was edited on previous version because openvaas complained of a vulnerability.

Thank you.

1 Like