Page reloads about 10 seconds after logging in when using reverse proxy

A bit of a strange one that I haven’t experienced with the many other scripts I’ve used…

When I log in by visiting the domain name that runs alongside Nginx Proxy Manager, after about 10 seconds or so, the page will refresh. The problem is if I am typing a task, when the page reloads I lose whatever I was typing into the new task box, which really breaks the experience.

This does not happen if I access the local router IP and log in that way.

I have ensured that publicurl in the configuration file is inserted, I’ve tried adding proxy headers in Nginx, I’ve also done extensive Googling, and it seems nobody else has faced this issue.

When I test, a new browsing session is opened which includes a new cache, cookies, etc. I also reboot the LXC container on each change.

Any suggestions appreciated!

Does this happen every time you open Vikunja? Or only on the first attempt?

Thanks for your reply. It only happens on login. The issue is compounded for me as my browser is set to forget everything on each launch and when using the containers function, so I may log in several times in a browsing session, unlike others 🙂

This seems like the culprit. Vikunja uses a service worker to “install” the application in your browser so that subsequent loads of it are faster. This also means that it will reload the page when it’s done installing to activate the installation. If you’re refreshing your browser every time you open it, it will have to do that every time you start using Vikunja.

Interesting, this is the first web software I’ve found that does this. Is there any way to disable it?

Also, how come this only happens when using it via a reverse proxy? This does not happen when accessing it via the local IP, but I’m in the same browser with the same settings.

I assume your proxy does TLS termination? The technology behind this only works over HTTPS.

I’m not clued up on entirely what that means but I assume so. I tell the reverse proxy that it’s an HTTP website, but I turn on a wildcard certificate and force HTTPS, and I actually access the script with HTTPS.

I’ve just tried turning off the certificate and accessing the domain with HTTP, and indeed I do not get the refreshing behaviour, but of course that opens the door for credential theft, session hijacking, and man-in-the-middle attacks. I won’t be hosting anything crazy personal on it so it is tempting to use HTTP, but then I realised my mobile browser throws many warnings that, unlike on desktop, are hard to turn off.

Another workaround would be to use the desktop app, but that would be, as the name implies, a separate thing from your browser.

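Added example, not part of the original thread and not Vikunja's code: a simplified version of the browser's secure-context rule behind the "only works over HTTPS" reply above, showing why the proxied HTTPS domain gets the service worker (and its reload) while the plain-HTTP local IP does not. The URLs are constructed, and the check is an approximation of the browser's "potentially trustworthy origin" test, not the full algorithm.

```javascript
// Added example. Simplified form of the "potentially trustworthy origin"
// rule browsers apply before allowing a service worker to register.
// In a real page, window.isSecureContext reports the browser's own answer.
function isPotentiallyTrustworthy(urlString) {
  const url = new URL(urlString);
  const scheme = url.protocol.slice(0, -1); // drop the trailing ":"
  const host = url.hostname.toLowerCase();

  // Encrypted, authenticated transports qualify.
  if (scheme === "https" || scheme === "wss") return true;
  // Loopback traffic never leaves the machine: 127.0.0.0/8 and ::1.
  if (/^127(\.\d{1,3}){3}$/.test(host)) return true;
  if (host === "[::1]") return true;
  // "localhost" and its subdomains are treated as loopback.
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  // Anything else over plain HTTP does not qualify, and that includes
  // private LAN addresses such as 192.168.x.x.
  return false;
}

// Maps the check onto the behaviour described in the thread.
function serviceWorkerOutcome(urlString) {
  return isPotentiallyTrustworthy(urlString)
    ? "service worker can install (reload after install, per the thread)"
    : "no service worker, so no install-triggered reload";
}

// Constructed URLs mirroring the access paths discussed in the thread.
const samples = [
  "https://tasks.example.com/",  // via reverse proxy with TLS
  "http://tasks.example.com/",   // same domain, certificate turned off
  "http://192.168.1.50:3456/",   // direct access by local IP
  "http://localhost:3456/",      // loopback exception
];

for (const u of samples) {
  console.log(u.padEnd(30), "->", serviceWorkerOutcome(u));
}
```

The loopback rows show the one case where plain HTTP still counts as a secure context; a LAN address does not, which is why direct access by IP behaves like the HTTP-only domain.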