No Login since some days - white screen [needed "base" subdir setting]

Hi there

I´m stuck at running passbolt.
When I call the URL only a white page appears.

The browser debug says
in Opera

Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self'".

login:1 Refused to load the script 'https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/stylesheet.js?v=3.10.0' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

login:1 Refused to load the script 'https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/api-vendors.js?v=3.10.0' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

login:1 Refused to load the script 'https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/api-triage.js?v=3.10.0' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

DevTools failed to load source map: Could not load content for chrome-extension://gbekmpnpfkkijbodegokaigmhedbbkmg/scripts/contentscript_chrome.js.map: System error: net::ERR_BLOCKED_BY_CLIENT

in Firefox

Loading failed for the <script> with source “https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/stylesheet.js?v=3.10.0”. login:46:1
Loading failed for the <script> with source “https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/api-vendors.js?v=3.10.0”. login:51:1
Loading failed for the <script> with source “https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/api-triage.js?v=3.10.0”. login:51:1
Content Security Policy: The page's settings blocked the loading of a resource at https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/stylesheet.js?v=3.10.0 ("script-src"). login
Content Security Policy: The page's settings blocked the loading of a resource at https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/api-vendors.js?v=3.10.0 ("script-src"). login
Content Security Policy: The page's settings blocked the loading of a resource at https://www.XXXXXXXXXXXX.com/passbolt/passbolt/js/app/api-triage.js?v=3.10.0 ("script-src"). login
Content Security Policy: The page's settings blocked the loading of a resource at https://www.XXXXXXXXXXXX.com/passbolt/passbolt/favicon_228.png ("img-src"). FaviconLoader.jsm:180:19
Content Security Policy: The page's settings blocked the loading of a resource at https://www.XXXXXXXXXXXX.com/passbolt/passbolt/favicon.ico ("img-src"). FaviconLoader.jsm:180:19
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: window.__cmp && typeof __cmp("getCMPData… login
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: typeof window.utag !== 'undefined' && ty… login
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: window.__cmp && typeof __cmp("getCMPData… login
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: typeof window.utag !== 'undefined' && ty… login
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: window.__cmp && typeof __cmp("getCMPData… login
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: typeof window.utag !== 'undefined' && ty… login
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Source: window.__cmp && typeof __cmp("getCMPData…

healthcheck says

sudo -H -u www-data bash -c "/var/www/html/passbolt/bin/cake passbolt healthcheck --verbose"

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell         
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 8.0.28.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://www.XXXXXXXXXXXX.com/passbolt
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
 [PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in /var/www/html/passbolt/config/passbolt.php and readable.
 [PASS] The private key file is defined in /var/www/html/passbolt/config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in /var/www/html/passbolt/config/passbolt.php.
 [PASS] The server public key defined in the /var/www/html/passbolt/config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.10.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] The Self Registration plugin is enabled.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /var/www/html/passbolt/config/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in /var/www/html/passbolt/config/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /var/www/html/passbolt/config/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /var/www/html/passbolt/config/passbolt.php.

 [PASS] No error found. Nice one sparky!

What to do?

BTW: I also have a little bug-report:
If the logs-directory is missing the healthcheck returns
…
[FAIL] The logs directory and its content are not writable.
[HELP] Ensure the logs directory and its content are writable by the user the webserver user.
[HELP] you can try:
[HELP] sudo chown -R www-data:www-data /var/www/html/passboltlogs
[HELP] sudo chmod 775 $(find /var/www/html/passboltlogs -type d)
[HELP] sudo chmod 664 $(find /var/www/html/passboltlogs -type f)
…
There are some missing / in passboltlogs. This should say it should be passbolt/logs

At least confusing

Ok, I solved it by myself.

The solution was changing

‘fullBaseUrl’ => ‘https://www.XXXXXXXXXXXX.com/passbolt’, to ‘fullBaseUrl’ => ‘https://XXXXXXXXXXXX.com/passbolt’,

Probably the apache adds the www. to the url.

Great - and now I´m getting An error occurred: Sorry, new users can only put 2 links in a post.

So, I have to make a third post - just because I dont want to cripple the links
Some decisions from forum-admins are weird…

However - I found a more issues:

• https://www.XXXXXXXXXXXX.com/passbolt/app/settings/mfa isnt working.
• At logout this url is called: https://XXXXXXXXXXXX.com/passbolt/passbolt/auth/login -which results in a 404

Everything else is working fine.

I’m going to guess that it has to do with your path resolution. The missing / may be due to your settings. The double passbolt may also be related.

If you are installing from source, which OS, which web server?

What are your URL configurations in passbolt.php?

Hi garrett

The URL configuration I posted before:
'fullBaseUrl' => 'https://XXXXXXXXXXX.com/passbolt',
Is there anything wrong with this?

OK, there are more things not working

https://www.XXXXXXXXXX.com/passbolt/users/recover?locale=de-DE

is also not working…

I´ll check all URLs in all the configs.
How its supposed to be? With www or without?

Oh, sudo -H -u www-data bash -c “/var/www/html/passbolt/bin/status-report” is now giving me errors:

2023-02-21 21:03:20 error: [Cake\Routing\Exception\MissingRouteException] A route matching “/passbolt/auth/login” could not be found. in /var/www/html/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /passbolt/auth/login
Client IP: 333.333.333.333

About 21 times.

The directory structure looks like this
tree -d -L 2 passbolt
passbolt
|-- bin
|-- config
| |-- gpg
| |-- jwt
| |-- Migrations
| |-- schema
| -- Seeds |-- logs |-- plugins | – PassboltCe
|-- resources
| -- locales |-- src | |-- Authenticator | |-- Command | |-- Console | |-- Controller | |-- Error | |-- Log | |-- Mailer | |-- Middleware | |-- Model | |-- Notification | |-- Service | |-- ServiceProvider | |-- Utility | – View
|-- templates
| |-- Auth
| |-- element
| |-- email
| |-- Error
| |-- Healthcheck
| |-- Home
| |-- layout
| -- Setup |-- tests | |-- Factory | |-- Fixture | |-- Lib | – TestCase
|-- tmp
| |-- avatars
| |-- cache
| -- selenium |-- vendor | |-- amphp | |-- bacon | |-- bcrowe | |-- beberlei | |-- bin | |-- brick | |-- cakephp | |-- composer | |-- dasprid | |-- dealerdirect | |-- dnoegel | |-- doctrine | |-- donatj | |-- duosecurity | |-- enygma | |-- fakerphp | |-- felixfbecker | |-- firebase | |-- imagine | |-- jasny | |-- jdorn | |-- justinrainbow | |-- laminas | |-- league | |-- lorenzo | |-- mobiledetect | |-- myclabs | |-- netresearch | |-- nikic | |-- openlss | |-- paragonie | |-- passbolt | |-- phar-io | |-- phpdocumentor | |-- phpseclib | |-- phpstan | |-- phpunit | |-- psr | |-- psy | |-- ramsey | |-- react | |-- robmorgan | |-- sebastian | |-- seld | |-- singpolyma | |-- slevomat | |-- spomky-labs | |-- squizlabs | |-- symfony | |-- theseer | |-- twig | |-- vierge-noire | |-- vimeo | – webmozart
-- webroot |-- css |-- fonts |-- img |-- js – locales

Questions for you:

• Are you wanting www subdomain or not?
• Do you want the URL to have passbolt in it?

Hi garrett
no, no subdomain
The url is www.site.com/passbolt

And - if I havent mentioned yet - the webserver is Apache

Just to make sure - you need mod_rewrite installed:

image895×88 4 KB

If you do not want www then the fullBaseUrl should not have it. So, if it doesn’t, but you are still getting sent to www.yourdomain then I would guess either your DNS provider is redirecting the main domain to the www subdomain, or your Apache settings are redirecting. You could post Apache settings if you’d like.

Regarding a subdirectory, see As a user I cannot use passbolt API in a subdirectory · Issue #252 · passbolt/passbolt_api · GitHub

Hi garrett

your post helped.
mod_rewrite was enabled, but the change with the subdirectory helped.

Thank you for your help!