More verbose error message when login nonce check fails #16607

@Findus23

At the moment Matomo only shows the following error:

Fehler : Sicherheitschecks fehlgeschlagen. Bitte laden Sie das Formular erneut und prüfen Sie, ob Ihr Browser Cookies zulässt. Wenn Sie einen Proxy Server verwenden, müssen Sie Matomo so einrichten, dass es Proxy Header akzeptiert.

"InvalidNonceOrHeadersOrReferrer": "Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must %1$s configure Matomo to accept the proxy header%2$s that forwards the Host header. Also, check that your Referrer header is sent correctly.",

But when the user has cookies enabled (which is pretty likely) and is sure that they don't use a reverse proxy (shouldn't it say reverse proxy instead of proxy in the message?), there is no way for them to troubleshoot this issue further, and they will most likely just give up on using Matomo.

Maybe all checks that could fail in verifyNonce() and isLocalUrl("") should be logged or even help display a more helpful error message.

public static function verifyNonce($id, $cnonce)

public static function isLocalUrl($url)
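One way to make the failing check visible to an administrator, as an added sketch that is not Matomo's code: the verifier returns a reason code and the reason is written to the server log, while the visitor still sees the generic message. All function names, reason codes and sample values are hypothetical and constructed for this example; the checks mirror the ones named in the error message (nonce, Host header, Referrer).

```php
<?php
// Added illustration, not Matomo code; every name below is hypothetical.
// Returns null when all checks pass, otherwise a code naming the failed check.
function nonceFailureReason(?array $stored, string $submitted, array $server,
                            array $trustedHosts, int $now): ?string
{
    if ($stored === null) {
        return 'no_nonce_in_session';   // session cookie missing or session lost
    }
    if ($now > $stored['expires']) {
        return 'nonce_expired';         // form was left open too long
    }
    if (!hash_equals($stored['value'], $submitted)) {
        return 'nonce_mismatch';        // constant-time comparison
    }
    // Host as the application sees it; wrong behind an unconfigured reverse proxy.
    $host = preg_replace('/:\d+$/', '', strtolower($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $trustedHosts, true)) {
        return 'host_not_trusted';
    }
    $referrer = $server['HTTP_REFERER'] ?? '';
    if ($referrer === '') {
        return 'referrer_missing';      // stripped by browser policy or an extension
    }
    $refHost = strtolower((string) parse_url($referrer, PHP_URL_HOST));
    return in_array($refHost, $trustedHosts, true) ? null : 'referrer_not_local';
}

// Log the reason server-side; the visitor still gets the generic message.
function logNonceFailure(string $reason, array $server): string
{
    // json_encode escapes control characters, so header values cannot forge log lines.
    // Only the referrer's host is logged, since its query string may hold tokens.
    $line = 'login nonce check failed: ' . json_encode([
        'reason'        => $reason,
        'host'          => $server['HTTP_HOST'] ?? null,
        'referrer_host' => parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST) ?: null,
    ], JSON_INVALID_UTF8_SUBSTITUTE);
    error_log($line);
    return $line;
}

// Constructed request: valid nonce, but the app sees the proxy's internal Host.
$stored = ['value' => 'a3f1c9', 'expires' => 1700000600];
$server = ['HTTP_HOST' => '127.0.0.1:8080',
           'HTTP_REFERER' => 'https://analytics.example.org/index.php'];
$reason = nonceFailureReason($stored, 'a3f1c9', $server, ['analytics.example.org'], 1700000000);
if ($reason !== null) {
    echo logNonceFailure($reason, $server), "\n";
}
```

The nonce values themselves are never written to the log, only which check failed and the headers that check looked at.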

Labels

Help wanted: Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.
c: Onboarding: For issues that make the experience of getting Matomo up and running better.
c: Usability: For issues that let users achieve a defined goal more effectively or efficiently.
