KeyHelp Community

---------------------------------------------------------------------------


I'm sure the cause of the problem is within KeyHelp
(Problems not related to KeyHelp belong in the Offtopic forum)


Ubuntu 20.04
(e.g. Ubuntu 20.04)


KVM
(e.g. none, OpenVZ, KVM, XEN, etc.)


22.0 (Build 2393)



I am receiving an AJAX_ERROR in Service/port monitoring and update information with the error: Failed to retrieve update information.
It is also throwing an AJAX_ERROR for the news tab on the dashboard. Console gives these errors:
AJAX-ERROR
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:132 Type: parsererror
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:133 Staus: 200 - parsererror
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:134 Response:
Invalid session.
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:131 AJAX-ERROR
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:132 Type: parsererror
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:133 Staus: 200 - parsererror
functions.js?v=385251d48450fc342bf98fc99412f3991ca8e6fc:134 Response:
Invalid session.


Expected result


Actual result


Steps to reproduce


It's happening after a fresh install so there wasn't any changes made.
(e.g. recent changes to the server, excerpts from log files (/var/log/*, /var/log/keyhelp/php-error.log, etc.))

I can confirm this error (KeyHelp 22.0 (Build 2393) on Debian 11.3 (64-bit)).

Not for me:

Debian11 with all latest updates
Keyhelp 22.0 (Build 2393)

So it seems it doesn't affect everybody ...

Hello,

this is no general issue. It also works on my Debian 11 test servers.

Something on your server must block the requests

For me it seems to be a browser problem. I get the ajax error only with Brave browser. The ajax call returns a "Invalid session." instead of the correct data in that case.

In Chrome and Firefox the ajax calls are successful. Since Brave is more strict about privacy protection it may handle cookie + ajax a bit different than the other browsers.

I checked it with Brave Browser and can reproduce the problem. Other Browsers work fine.

Background information: KeyHelp has an anti-session-hijack-mechanism, which ensures that a session cannot be hijacked by an attacker by checking (among other checks) various browser features to see if they are still the same as the last time they the browser performed a request.

The problem now is that Brave seems to be inconsistent when accessing a page directly and when performing an Ajax request. (Specifically: it sends different HTTP_ACCEPT_LANGUAGE headers), which is strange behavior. I will now have to check why they are doing this and how to prevent it....

I fixed it via the Brave settings:

1) Go to Settings
2) Turn off the fingerprint settings ("Prevent websites from fingerprinting me based on my language settings")

---

I see what they are trying to achieve, but as this is a security feature of KeyHelp (and of course is not for tracking within KeyHelp) I am not planing in changing anything in the behavior of KeyHelp for now.

Alexander wrote: ↑Fri 3. Jun 2022, 10:19 I fixed it via the Brave settings:

1) Go to Settings
2) Turn off the fingerprint settings ("Prevent websites from fingerprinting me based on my language settings")

Confirmed here. Thank you, Alex!

I was using Brave browser, and when I tried it on Chrome, the problem disappeared. Wow, good catch.