  1. Red Hat 3scale API Management
  2. THREESCALE-2254

Service discovery ajax fetch with 'same-origin' credentials policy

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • 2.4 GA, 2.5 CR1
    • System
    • 3
    • Not Started
      • Configure a Service to be discovered on OpenShift without SSO (instructions here).
      • Try to add a new API importing from OpenShift ("Service discovery") using a Firefox version prior to 61 (e.g. the latest Firefox supported by RHEL 7, v60.5.0)

      The browser will not send the credentials with the XHR request, so the request receives a 403 Forbidden.
    • 3scale 2019-04-08

    Description

      The AJAX request performed by the service discovery feature when adding a new API in the Admin Portal with the option "Import from OpenShift" fails on Firefox versions prior to 61.

      This is due to the default policy of the browser to 'omit' credentials on requests performed with the window.fetch JavaScript function. Originally reported on https://github.com/3scale/porta/issues/594.

      Success on Google Chrome v73.0

      Success on Firefox v67.0

      Fail on Firefox v60.6.1

      Dev notes
      The fix should be as easy as passing the 'same-origin' credentials policy as an additional argument to the window.fetch call.

      Alternatively we could use a fetch polyfill.

      Update:
      As we need to move this asset to webpack, it is better to move it now; this way we'll be able to use the fetch polyfill and other ES6 features.

      The current open PR (https://github.com/3scale/porta/pull/595) just adds the credentials, but it needs to be moved to webpack anyway.
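
The fix described in the dev notes, as an added example that is not code from the issue or from porta: it sets the credentials policy explicitly and models which requests carry the session cookie when the browser default is 'omit'. The host, the endpoint path and all function names are hypothetical.

```javascript
// Added example. All names, the host and the endpoint path are hypothetical.
const PAGE = 'https://admin.example.test/apiconfig/services/new';
const ENDPOINT = '/discovery/projects.json';

// Add an explicit credentials policy; an explicit caller choice is preserved.
function sameOriginInit(init = {}) {
  return { ...init, credentials: init.credentials || 'same-origin' };
}

// Model of the Fetch credentials modes: does the request carry cookies?
// browserDefault is 'omit' on the older engines this issue describes.
function sendsCookies(pageUrl, requestUrl, init = {}, browserDefault = 'same-origin') {
  const mode = init.credentials || browserDefault;
  if (mode === 'include') return true;
  if (mode === 'omit') return false;
  return new URL(requestUrl, pageUrl).origin === new URL(pageUrl).origin;
}

// Constructed stand-in for the portal: 403 Forbidden without the session cookie.
function simulateStatus(requestUrl, init, browserDefault) {
  return sendsCookies(PAGE, requestUrl, init, browserDefault) ? 200 : 403;
}

// Drop-in wrapper for call sites; fetchImpl is injectable for testing.
function fetchWithSession(input, init, fetchImpl = globalThis.fetch) {
  return fetchImpl(input, sameOriginInit(init));
}

console.log('old default, bare fetch :', simulateStatus(ENDPOINT, {}, 'omit'));
console.log('old default, with policy:', simulateStatus(ENDPOINT, sameOriginInit(), 'omit'));
console.log('cross-origin, with policy:',
  simulateStatus('https://other.example.test/x', sameOriginInit(), 'omit'));
```

Choosing 'same-origin' rather than 'include' keeps the session cookie off any cross-origin request made through the same wrapper.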

          People

            Unassigned
            mcassola Guilherme Cassolato
            Damian Peralta (Inactive)