DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.7k stars 579 forks

405 on login #1463

Open xingheluqi opened 2 years ago

xingheluqi commented 2 years ago

1. I use the following method to build:

Downloads the latest Docker Compose file

curl -LO https://dependencytrack.org/docker-compose.yml

Starts the stack using Docker Compose

docker-compose up -d

2. 405 on login. Below is the log:

192.168.36.54 - - [11/Mar/2022:00:41:05 +0000] "POST /api/v1/user/login HTTP/1.1" 405 559 "http://10.20.102.96:8080/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36" "-"

lfbayer commented 2 years ago

I encountered the same issue. I shift-clicked the page refresh button in the browser and tried again and the login succeeded. So clearing the browser cache seems to have fixed it for me.

turbolocust commented 2 years ago

In my case I had to set the API_BASE_URL environment variable. It was empty in my cluster deployment. See the documentation for more details. Also note that it says that the URL must be reachable by the browsers of your users.

AleksVAnd commented 2 years ago

I am using the Helm chart and hit a similar issue.

I verified that I can log in:

curl -vkL http://deptrack.local/api/v1/user/login -d "username=admin&password=admin"
*   Trying 10.201.63.4...
* TCP_NODELAY set
* Connected to deptrack.local (10.201.63.4) port 80 (#0)
> POST /api/v1/user/login HTTP/1.1
> Host: deptrack.local
> User-Agent: curl/7.55.1
> Accept: */*
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 29 out of 29 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 25 Oct 2022 11:24:56 GMT
< Content-Type: text/plain
< Content-Length: 21
< Connection: keep-alive
< X-Powered-By: Dependency-Track v4.6.1
< Cache-Control: private, max-age=0, must-revalidate, no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count, *
< Access-Control-Expose-Headers: Origin, Content-Type, Authorization, X-Requested-With, Content-Length, Accept, Origin, X-Api-Key, X-Total-Count
< Access-Control-Allow-Credentials: true
< Access-Control-Max-Age: 3600
<
FORCE_PASSWORD_CHANGE

It seems that the frontend and the backend are not communicating. For the API_BASE_URL I tried:

I would really appreciate your response because I am stuck.

nscuro commented 2 years ago

> It seems that the frontend and the backend are not communicating

Because they are not intended to, see https://docs.dependencytrack.org/getting-started/configuration/#frontend

NOTE:

  • This URL must be reachable by the browsers of your users.
  • The frontend container itself does NOT communicate with the API server directly, it just serves static files.
  • When deploying to dedicated servers, please use the external IP or domain of the API server.

Ensure that the frontend container is recreated after you changed the API_BASE_URL environment variable, and clear your browser's cache.
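
The diagnosis in this thread, as an added example that is not part of the original issue or the project's code: a shell helper that reads a `curl -v` trace and reports whether the final response came from the API server, using the `X-Powered-By: Dependency-Track` header seen in the trace posted above as the marker. The function names, the constructed 405 sample and the assumption that no proxy strips that header are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not Dependency-Track code). Reads a `curl -v` trace on stdin
# and prints <responder>:<status>[:<body token>] for the final response.
classify_login_probe() {
  awk '
    { sub(/\r$/, "") }                               # tolerate CRLF traces
    /^< HTTP\// { status = $3; api = 0; body = "" }  # with -L, keep the last response
    tolower($0) ~ /^< x-powered-by: dependency-track/ { api = 1 }
    /^[A-Z_]+$/ { body = $0 }                        # bare body, e.g. FORCE_PASSWORD_CHANGE
    END {
      out = (api ? "api-server" : "other") ":" (status == "" ? "none" : status)
      if (body != "") out = out ":" body
      print out
    }'
}

# Map the classification to the next thing to check.
explain_probe() {
  case "$1" in
    api-server:401:FORCE_PASSWORD_CHANGE)
      echo "API reached; the account must change its password" ;;
    api-server:*) echo "API reached; check the browser side (API_BASE_URL, cache)" ;;
    other:405)    echo "POST did not reach the API server; check API_BASE_URL" ;;
    *)            echo "inconclusive; inspect the full trace" ;;
  esac
}

# Abridged from the trace posted in this thread.
sample_api_trace() { cat <<'EOF'
> POST /api/v1/user/login HTTP/1.1
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Dependency-Track v4.6.1
<
FORCE_PASSWORD_CHANGE
EOF
}

# Constructed trace for the 405 symptom (headers are illustrative).
sample_405_trace() { cat <<'EOF'
> POST /api/v1/user/login HTTP/1.1
< HTTP/1.1 405 Not Allowed
<
EOF
}

for t in sample_api_trace sample_405_trace; do
  r=$("$t" | classify_login_probe)
  printf '%s -> %s (%s)\n' "$t" "$r" "$(explain_probe "$r")"
done
```

Pipe a real trace in with `curl -v ... 2>&1 | classify_login_probe`; run the probe against the same URL the browser would use, since that is the one API_BASE_URL has to match.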

AleksVAnd commented 2 years ago

> > It seems that the frontend and the backend are not communicating
>
> Because they are not intended to, see https://docs.dependencytrack.org/getting-started/configuration/#frontend
>
> NOTE:
>
>   • This URL must be reachable by the browsers of your users.
>   • The frontend container itself does NOT communicate with the API server directly, it just serves static files.
>   • When deploying to dedicated servers, please use the external IP or domain of the API server.
>
> Ensure that the frontend container is recreated after you changed the API_BASE_URL environment variable, and clear your browser's cache.

Yeah, my mistake about the cache.

It finally worked with http://deptrack.local.

For the record - the configuration note states that the frontend doesn't communicate DIRECTLY with the backend - not that it doesn't at all:

POST /login < frontend redirects to /api, which responds with FORCE_PASSWORD_CHANGE that triggers frontend JavaScript < backend redirects to /change-password < frontend triggers /api/forceChangePassword to validate with PostgreSQL < backend redirects to /login

harryssuperman commented 1 year ago

For me the port mapping was as follows:

apiserver 8081:8080

podman run -d -m 8192m -p 8081:8080 --name dependency-track -v dependency-track:/data dependencytrack/apiserver

and

frontend 8080:8080

podman run -d -p 8080:8080 --name dependency-frontend dependencytrack/frontend

buger commented 1 year ago

Does it mean that we have to run API server and Frontend server on separate ports/domains? Can't it all live on the same port?

syalioune commented 1 year ago

They are two distinct components serving their own resources so you can't run them on the same port. You can however use the same domain so long as they can be reached independently using things like subdomains or prefix path routing.