Reverse Proxy doesn't set path of auth cookie #5626
Description
Describe the problem
The cookie set by the auth control of the reverse proxy is missing the Path options (src). According to MDN if the path is omitted, the browser will fill in the path component of the request URL (docs).
This causes issues with services such as Immichs share feature, as the share URL will look like example.com/share/aaabbcccc, but when opening it, it will also try to load resources from example.com/_app/xyz. Since the cookie is set with path /share, the requests to /_app will fail with 401.
To Reproduce
Steps to reproduce the behavior:
- Host some kind of webserver (for example this dummy one using
ncat:while true ; do ncat -l -p 1500 -c 'echo "HTTP/1.1 200 OK\n\n $(date)"'; done) - Expose it as a reverse proxy service protected by authentication
- Navigate to
/hello/worldand authenticate - Navigate to
/foo/barand observe that you need to authenticate again
Expected behavior
Authentication should only happen once.
Are you using NetBird Cloud?
NetBird Cloud
NetBird version
0.65.3
Is any other VPN software installed?
No
Have you tried these troubleshooting steps?
- Reviewed client troubleshooting (not applicable)
- Checked for newer NetBird versions
- Searched for similar issues on GitHub (including closed ones)
- Restarted the NetBird client
- Disabled other VPN software
- Checked firewall settings