Login

u/Dramatic_Jicama3186

▲ 20 r/nginxproxymanager

Is Nginx Proxy Manager affected by CVE-2026-42945?

Hi everyone,

I’m running Nginx Proxy Manager in Docker and I just checked my setup.

The NGINX version inside the container shows: 1.27.X.

I recently updated the container, but I’m trying to understand if my setup is still affected by CVE-2026-42945 (the nginx rewrite module vulnerability affecting versions ≤ 1.30.0).

Since NPM uses OpenResty instead of vanilla nginx, I’m not fully sure how to map the OpenResty version to the affected nginx versions.

Is NPM already patched for this CVE in recent Docker images?

reddit.com
u/Dramatic_Jicama3186 — 4 days ago
▲ 4 r/webdevelopment+2 crossposts

Apple cookie error

Hi everyone,

We are currently experiencing a strange issue with our PWA on iOS and I wanted to ask if anyone has seen something similar before.

Setup

  • Around 1,200 active users
  • ASP.NET backend/server
  • PWA hosted on a subdomain: user.PLACEHOLDER.de
  • The app has two main areas:
    • User area: /User
    • Admin area: /Customers

Most users install the PWA normally through Safari using “Add to Home Screen”.

The Problem

The issue only happens on iOS when the app is installed as a real PWA.

Steps to reproduce:

  1. Admin opens the installed PWA
  2. Admin navigates to the admin section (/Customers)
  3. Admin closes the PWA while still being inside /Customers
  4. When the admin reopens the app, the entire app is broken and nothing works anymore

However:

  • If the admin navigates back to the normal user area (/User) BEFORE closing the app, everything works fine
  • The issue only happens if the app is closed while inside /Customers

At this point, the only fix is:

  • uninstall the PWA
  • reinstall it
  • login again

The Weird Part

If the user only adds the website icon to the home screen WITHOUT installing it as a standalone PWA, everything works perfectly.

So the issue seems to happen specifically in iOS standalone PWA mode.

Additional Notes

  • Only happens on Apple/iOS devices
    • After latest IOS-Update
  • Android works perfectly

Has anyone experienced something similar or knows what could cause this behavior?

The cookie settings in ASP.NET:

options.Cookie.Domain = ".PLACEHOLDER.de";

options.Cookie.IsEssential = true;

options.Cookie.HttpOnly = true;

options.Cookie.SameSite = SameSiteMode.None;

options.Cookie.Path = "/";

options.Cookie.Name = ".AspNet.SharedCookie";

options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

EDIT:

  • I currently suspect that the issue is related to cookies/session handling, but I’m not sure. Unfortunately we cannot properly debug iOS because we only have Windows devices available.

The mainfest.json:

{
  "manifest_version": 3,
  "name": "Name",
  "short_name": "Name",
  "description": "Buchen von Kursen",
  "icons": [
    {
      "src": "/images/192x192.png",
      "sizes": "192x192"
    },
    {
      "src": "/images/512x512.png",
      "sizes": "512x512"
    }
  ],
  "display": "standalone",
  "start_url": "https://user.PLACEHOLDER.de/User",
  "content_scripts": [
    {
      "js": [ "service-worker.js" ]
    }
  ]

}
u/Dramatic_Jicama3186 — 10 days ago