Wiki.js breaks and displays blank page when cookies are denied #1155

New issue

Open

opened 2026-02-20 15:28:54 -05:00 by deekerman · 3 comments

deekerman commented

2026-02-20 15:28:54 -05:00

Owner

Originally created by @fireundubh on GitHub (Feb 26, 2020).

Originally assigned to: @NGPixel on GitHub.

Using Firefox 73, setting the browser to deny all cookies breaks Wiki.js v2.1.x and a blank page is displayed to the user.

Another user reported the same issue in Chrome when that browser is set to deny all cookies.

I reproduced the issue in Vivaldi by setting the browser to deny all cookies. I could not reproduce the issue in Vivaldi when using uMatrix to block cookies, however. In that case, the browser may be accepting the cookie, which is good enough for Wiki.js, but the extension intercepts and discards it.

Wiki.js should not require a cookie for unauthenticated guest users.

Originally created by @fireundubh on GitHub (Feb 26, 2020). Originally assigned to: @NGPixel on GitHub.  Using Firefox 73, setting the browser to deny all cookies breaks Wiki.js v2.1.x and a blank page is displayed to the user. Another user reported the same issue in Chrome when that browser is set to deny all cookies. I reproduced the issue in Vivaldi by setting the browser to deny all cookies. I could not reproduce the issue in Vivaldi when using uMatrix to block cookies, however. In that case, the browser may be accepting the cookie, which is good enough for Wiki.js, but the extension intercepts and discards it. **Wiki.js should not require a cookie for unauthenticated guest users.** ![2020-02-26 17_07_01](https://user-images.githubusercontent.com/1261664/75403311-2c62f480-58bc-11ea-820e-e4c22c6e184e.jpg)

deekerman added the

bug

contrib-medium

labels

2026-02-20 15:28:54 -05:00

deekerman commented

2026-02-20 15:28:55 -05:00

Author

Owner

@fireundubh commented on GitHub (Feb 26, 2020):

A cursory look at the source suggests that you're assuming the jwt cookie is available, but if it's not (as it wouldn't be when cookies are denied at the lower browser level), the code that operates on the jwt cookie is probably just throwing exceptions. There doesn't seem to be any logging to file so I can't check that.

@fireundubh commented on GitHub (Feb 26, 2020): A cursory look at the source suggests that you're assuming the `jwt` cookie is available, but if it's not (as it wouldn't be when cookies are denied at the lower browser level), the code that operates on the `jwt` cookie is probably just throwing exceptions. There doesn't seem to be any logging to file so I can't check that.

deekerman commented

2026-02-20 15:28:56 -05:00

Author

Owner

@cadpnq commented on GitHub (Feb 26, 2020):

The issue appears to be cookie-adjacent and not actually a cookie. By disabling cookies you are also disallowing access to local storage. At least one of the dependencies here (namely i18next-localstorage-backend) relies on local storage to function. Without that it just throws an error and never gets around to showing anything on the page.

I wouldn't categorize this as a code issue in this project.

@cadpnq commented on GitHub (Feb 26, 2020): The issue appears to be cookie-adjacent and not actually a cookie. By disabling cookies you are also disallowing access to local storage. At least one of the dependencies here (namely `i18next-localstorage-backend`) relies on local storage to function. Without that it just throws an error and never gets around to showing anything on the page. I wouldn't categorize this as a code issue in this project.

deekerman commented

2026-02-20 15:28:56 -05:00

Author

Owner

@NGPixel commented on GitHub (Feb 27, 2020):

Most likely an issue with the localstorage indeed. A bug nonetheless...

@NGPixel commented on GitHub (Feb 27, 2020): Most likely an issue with the localstorage indeed. A bug nonetheless...