I am facing a new issue after upgrading to my ghost version to 3.
Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication.
Logs says
{"name":"Log","hostname":"xxxxxxx-las-2","pid":356,"level":50,"req":{"meta":{"requestId":"3aa68608-dd59-45c1-a11f-f527725ba20a","userId":null},
"url":"/users/me/?include=roles","method":"GET","originalUrl":"/en/blog/ghost/api/v3/admin/users/me/?include=roles","params":{},"headers":
{"x-real-ip":"aa.bb.cc.226","host":"www.test.xxxxxxx.com","x-forwarded-for":"aa.bb.cc.226","x-forwarded-proto":"https","connection":"close","accept":"application/json,
text/javascript, */*; q=0.01","x-requested-with":"XMLHttpRequest","x-ghost-version":"3.20","app-pragma":"no-cache","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36","content-type":"application/json;
charset=UTF-8","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://www.test.xxxxxxx.com/en/blog/ghost/","accept-encoding":"gzip,
deflate, br","accept-language":"en"},"query":{"include":"roles"}},"res":{"_headers":{"x-powered-by":"Express","cache-control":"no-cache, private, no-store, must-revalidate, max-stale=0,
post-check=0, pre-check=0","content-type":"application/json; charset=utf-8","content-length":"321","etag":"W/\"141-Bdi/RWqkP8h7mDzhhD3/NO2f4Uw\"","vary":"Accept-Encoding"},"statusCode":403,
"responseTime":"4ms"},"err":{"id":"1d858a30-bafb-11ea-b3d6-816724f7cea1","domain":"https://www.test.xxxxxxx.com/en/blog/","code":null,"name":"NoPermissionError","statusCode":403,"level":"normal",
"message":"Authorization failed","context":"\"Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication.\"",
"stack":"NoPermissionError: Authorization failed\n at new NoPermissionError (/var/www/xxxxxxx/public_html/en/blog/versions/3.20.0/node_modules/ghost-ignition/lib/errors/index.js:134:23)\n
at authorizeAdminApi (/var/www/xxxxxxx/public_html/en/blog/versions/3.20.0/core/server/services/auth/authorize.js:28:25)\n at Layer.handle [as handle_request]
(/var/www/xxxxxxx/public_html/en/blog/versions/3.20.0/node_modules/express/lib/router/layer.js:95:5)\n at next
(/var/www/xxxxxxx/public_html/en/blog/versions/3.20.0/node_modules/express/lib/router/route.js:137:13)\n at authenticate
(/var/www/xxxxxxx/public_html/en/blog/versions/3.20.0/core/server/services/auth/session/middleware.js:24:13)\n at runMicrotasks (<anonymous>)\n
at processTicksAndRejections (internal/process/task_queues.js:97:5)"},"msg":"Authorization failed","time":"2020-06-30T17:57:08.309Z","v":0}
Something related to my config. I dont know what is the error. Ghost installed on a sub-directory /en/blog
Here is my config
upstream ghost_upstream {
server 127.0.0.1:3369;
keepalive 64;
}
proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m;
server {
listen 80;
expires $expires;
server_name xxbbccee.com www.xxbbccee.com www.test.xxbbccee.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
expires $expires;
server_name xxbbccee.com;
ssl_certificate /etc/httpd/ssl/xxbbccee.crt;
ssl_certificate_key /etc/httpd/ssl/xxbbccee.key;
return 301 https://www.xxbbccee.com$request_uri;
}
server {
listen 443 ssl http2;
expires $expires;
server_name www.xxbbccee.com www.test.xxbbccee.com *.xxbbccee.com;
ssl_certificate /etc/httpd/ssl/xxbbccee.crt;
ssl_certificate_key /etc/httpd/ssl/xxbbccee.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
root /var/www/xxbbccee/public_html;
index index.php index.phtml index.html index.htm index.cgi index.pl;
error_log /var/log/nginx/xxbbccee_error.log;
access_log /var/log/nginx/xxbbccee_access.log;
# Ghost Blog
location ~ ^/en/blog(?:ghost|signin|signout)/ {
add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
proxy_hide_header X-powered-by;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
expires 10m;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://ghost_upstream;
}
location ^~ /en/blog {
proxy_cache STATIC;
proxy_cache_valid 200 30m;
proxy_cache_valid 404 1m;
proxy_pass http://ghost_upstream;
# proxy_pass http://127.0.0.1:3369;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;
proxy_hide_header X-powered-by;
expires 10m;
}
location /content/images {
alias /var/www/xxbbccee/public_html/en/blog/content/images;
access_log off;
expires max;
}
# location /assets {
# alias /var/www/xxbbccee/public_html/en/blog/content/themes/xxbbccee_3.7/assets;
# access_log off;
# expires max;
# }
}