[GH-ISSUE #863] HTTP redirect detection breaks connection in some (corporate) networks #558

Closed
opened 2026-02-25 22:37:29 +03:00 by kerem · 10 comments
Owner

Originally created by @efelon on GitHub (Apr 8, 2021).
Original GitHub issue: https://github.com/floccusaddon/floccus/issues/863

Describe the bug

I want to use one of my NC bookmark app server folders on my company PC. For a few weeks now, syncing has no longer been possible, with the error: Syncing failed with E033: Redirect detected.
(I guess: https://github.com/floccusaddon/floccus/commit/6946fc96c13b108e42af66474d6f1981398416b8)

I'm aware that there is a zscaler proxy which fiddles with the connection. Sync outside of the company network is as expected.

I was not sure whether to label it a bug or feature request. But since it broke a working setup I went with bug.

Expected behavior

For this it would be good to have an option, which is default on, to deactivate this redirect check.

Desktop

  • OS: Windows 10
  • Browser chrome, firefox, brave
  • Floccus version: 4.6.1
  • Floccus sync method: nextcloud bookmarks

Server

  • OS: [Raspberry Pi OS buster]
  • Nextcloud version: [21.0]
  • Bookmarks app version: [4.1.0]

Debug log

  • Debug log provided
2021-04-08T09:10:50.208Z Starting sync process for account user@domain
2021-04-08T09:10:50.212Z Using "merge default" strategy (no cache available)
2021-04-08T09:10:50.221Z Overriding title of built-in node 1 Bookmarks => Bookmarks Bar
2021-04-08T09:10:50.543Z Syncing failed with E033: Redirect detected. Please install the Bookmarks app on your nextcloud and make sure the nextcloud URL you entered doesn't redirect to a different location.
kerem 2026-02-25 22:37:29 +03:00
  • closed this issue
  • added the bug label

@marcelklehr commented on GitHub (Apr 8, 2021):

Does the nextcloud URL you entered redirect to a different location? If so, then syncing is unlikely to work reliably. Make sure to enter the redirect target in the floccus settings instead.


@efelon commented on GitHub (Apr 8, 2021):

> Does the nextcloud URL you entered redirect to a different location?

No, the URL stays the same. I am logged in within the same browser to that account on the NC webui. I'm also doing CalDav connections to the same instance from this PC; only floccus stopped connecting.
One obvious difference is that the SSL certificate issuer is different. It's from this zscaler proxy system my company uses. That's why I suspected it to be the problem.

My setup hasn't changed when floccus stopped connecting with that error.
Company PC -https(company cert)-> Company Proxy -https(letsencrypt)-> Home Nginx SSL proxy -(http)-> nginx NC server

Do you know what exactly is detected as a redirect by that function?


@marcelklehr commented on GitHub (Apr 8, 2021):

According to the spec (https://fetch.spec.whatwg.org/#dom-response-redirected) only 301 or 302 responses should be detected as a redirect.

So, from what I can see at the moment, either your proxy chain somehow returns a 30{1,2} at some point, or your browser is doing something funky.

You could try intercepting network traffic as follows:

Firefox

  • Go to about:debugging -> This firefox
  • click on debug button next to floccus entry
  • go to the network tab in the inspector tab
  • trigger a sync by clicking on sync now for the account of your choice.
  • check the failing network requests

Chrome

  • Go to chrome://extensions
  • enable Developer mode
  • click on dist/html/background.html button in floccus' entry next to "Inspect views: "
  • go to the network tab in the inspector window
  • trigger a sync by clicking on sync now for the account of your choice
  • check the failing network requests

@efelon commented on GitHub (Apr 8, 2021):

From Firefox (and Chrome) I get a 307 from the company proxy:

Request:

GET /nc/index.php/apps/bookmarks/public/rest/v2/folder/-1/hash HTTP/1.1
Host: mydomain.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic ****
Connection: keep-alive

Response:

HTTP/1.1 307 Temporary Redirect
Content-Length: 0
Access-Control-Allow-Origin: *
Location: https://gateway.zscaler.net:443/auD?origurl=https%3A%2F%2Fmydomain%2eeu%2fnc%2findex%2ephp%2fapps%2fbookmarks%2fpublic%2frest%2fv2%2ffolder%2f%2d1%2fhash&wexps=1&_ordtok=qk43WVqQF3mkNmPNq2VDq7W0J2
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Set-Cookie: ssm_au_d=1;SameSite=None;Secure;path=/;domain=mydomain.eu


@marcelklehr commented on GitHub (Apr 8, 2021):

> I get a 307 from the company proxy

Ah. I didn't consider 307 and 308. I'll make sure those are given a pass.


@marcelklehr commented on GitHub (Apr 9, 2021):

Sadly, it doesn't seem to be possible to distinguish between different redirect status codes :/

So, the options are now

a) prohibit all redirects, breaking 307 and 308
b) allow all redirects, giving a confusing error message for people that unknowingly have a 301/302 in their URL (POSTing to a 301 URL will redirect to a GET, breaking sync)

Update: I've opened an issue for this: https://github.com/whatwg/fetch/issues/1212
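
Added example, not part of the original thread and not floccus code: since fetch only reports that a redirect happened, this sketch classifies hops copied out of a DevTools capture, showing which ones rewrite the method (the 301 POST-to-GET case above) and which leave the origin while the request carried an Authorization header (the proxy's 307). `assessHop`, `methodAfterRedirect`, `demo` and the hop objects are hypothetical names and constructed data.

```javascript
// Constructed hops. The 307 mirrors the proxy response quoted in this thread
// (query string shortened); the 301 is a hypothetical trailing-slash redirect.
const PROXY_307 = {
  status: 307,
  location: 'https://gateway.zscaler.net:443/auD?origurl=https%3A%2F%2Fmydomain.eu%2Fnc',
}
const SLASH_301 = { status: 301, location: '/nc/index.php/apps/bookmarks/public/rest/v2/folder/' }

// Method rewriting as the Fetch standard defines it for redirects:
// 301/302 turn POST into GET, 303 turns anything but GET/HEAD into GET,
// 307/308 keep method and body.
function methodAfterRedirect(status, method) {
  if ((status === 301 || status === 302) && method === 'POST') return 'GET'
  if (status === 303 && method !== 'GET' && method !== 'HEAD') return 'GET'
  return method
}

// assessHop is a hypothetical helper, not a floccus or browser API.
function assessHop(request, hop) {
  const from = new URL(request.url)
  const to = new URL(hop.location, from) // Location may be relative
  const method = methodAfterRedirect(hop.status, request.method)
  const crossOrigin = to.origin !== from.origin
  const hasAuth = Object.keys(request.headers).some(
    (name) => name.toLowerCase() === 'authorization'
  )
  const findings = []
  if (method !== request.method) findings.push('method-rewritten')
  if (crossOrigin) findings.push('cross-origin')
  if (crossOrigin && hasAuth) findings.push('authorization-on-cross-origin-hop')
  return { status: hop.status, method, target: to.origin, findings }
}

function demo() {
  const sync = 'https://mydomain.eu/nc/index.php/apps/bookmarks/public/rest/v2/folder'
  return [
    assessHop({ url: sync + '/-1/hash', method: 'GET', headers: { Authorization: 'Basic ****' } }, PROXY_307),
    assessHop({ url: sync, method: 'POST', headers: {} }, SLASH_301),
  ]
}
console.log(JSON.stringify(demo(), null, 2))
```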


@efelon commented on GitHub (Apr 9, 2021):

It's hard for me to tell how special my case is for your user base. I would be out of options if you choose a).

I don't know how much effort it would be, but

c) to create a GUI (or even more hidden) option: Allow redirects

By default you would block them.


@marcelklehr commented on GitHub (Jul 14, 2021):

I think c is a good path forward. :)


@efelon commented on GitHub (Aug 6, 2021):

Thank you very much.
I confirm the fix is working.


@github-actions[bot] commented on GitHub (Mar 20, 2023):

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
