flood icon indicating copy to clipboard operation
flood copied to clipboard

Published 20 hours ago verified publisher icon Flood-UI

Manifest JSON is not fetched with credentials

Open bluecmd opened this issue 6 years ago • 3 comments

Type: Bug Report

  • [x] Try to follow the update procedure described in the README and try again before opening this issue.
  • [x] Please check the F.A.Q..
  • [x] Please check the Troubleshooting wiki section.

Your Environment

  • Version used:
    • Version (stable release) git --no-pager tag
    • Commit ID (development release) git --no-pager log -1

a7a849e7bf6f80857d727d31f1ef9200998bc54f

  • Environment name and version:
    • Node.js version node --version
    • npm version npm --version

Used provided Dockerfile, so node:10.1-alpine

  • Web browser name and version
  • Operating System and version: Windows 10, Chrome 70.0.3538.110

Summary

Manifest JSON is not fetched with credentials

Expected Behavior

When the request is sent out for manifest.json the cookies the browser normally uses should be attached to the request.

Current Behavior

No cookies are attached to the request.

Possible Solution

Javascript fetchers have options to attach cookies and credentials to request. Enable it for manifest.json.

Steps to Reproduce

  1. Open flood and run document.cookie = "testcookie=hello"; in the developer console.
  2. Refresh flood interface
  3. Observe that the request for /api/client/settings has the testcookie set.
:authority: x
:method: GET
:path: /api/client/settings
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,sv;q=0.8
cookie: testcookie=hello
dnt: 1
referer: https://x/overview
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
  1. Observe that the request for /manifest.json does not have the cookie set.
:authority: x
:method: GET
:path: /manifest.json
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,sv;q=0.8
dnt: 1
referer: https://x/overview
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Context

The authentication proxy I'm using in front of flood sets cookies to allow access to resources. Since manifest.json is not fetched with the cookies, it will reject the request and the flood interface fails to load.

bluecmd avatar Dec 09 '18 14:12 bluecmd

@bluecmd Hi, can you finish to fill the template please (Your Environment).

noraj avatar Dec 10 '18 14:12 noraj

Hi, I already did:

Environment name and version: [...] Used provided Dockerfile, so node:10.1-alpine

bluecmd avatar Dec 10 '18 14:12 bluecmd

@bluecmd I didn't see you were using the docker

noraj avatar Dec 10 '18 16:12 noraj