Components Screen Search Results: Dependency Graph Links Give HTTP 403
Current Behavior
The Components screen allows one to search the portfolio for components using purl, GAV, etc.
Each search result is displayed with its own dependency graph icon, a link to the graph for that occurrence of the component (i.e., different projects will give different graphs). The caveat is that the icon will not display at all when there is no graph available (e.g., where the SBOM was an older CycloneDX version, such as v1.2).
The links are working in DT v4.12.3 and not working in v4.13.0-SNAPSHOT (Affects 7th Feb 2025 build and builds for at least a week prior). In v4.13.0-SNAPSHOT the links give an HTTP 403 error. This was when logged in as an admin user with all 14 permissions enabled.
As per the screenshot, the error is only seen in context of the /components screen. Clicking on the graph icon for a component in the "components" tab for a project works just fine.
Steps to Reproduce
1. Login to v4.12.x as admin user
2. Navigate to the /components screen
3. Perform a search that returns at least one result that displays a graph icon
4. Click on the graph icon and confirm that the graph displays correctly
5. Now repeat steps 1-4 for v4.13.0-SNAPSHOT
Expected Behavior
Dependency Graph for component should display correctly. There should not be an HTTP 403 (access denied) error.
Dependency-Track Frontend Version
4.13.0-SNAPSHOT
Browser
Mozilla Firefox
Browser Version
135.0
Operating System
Windows
Checklist
- [x] I have read and understand the contributing guidelines
- [x] I have checked the existing issues for whether this defect was already reported
Regression since v4.12.x is not affected. Needs to be fixed prior to v4.13.0 release.