Manifest JSON is not fetched with credentials

bluecmd commented 5 years ago

Type: Bug Report

[x] Try to follow the update procedure described in the README and try again before opening this issue.
[x] Please check the F.A.Q..
[x] Please check the Troubleshooting wiki section.

Your Environment

Version used:
- Version (stable release) git --no-pager tag
- Commit ID (development release) git --no-pager log -1

a7a849e7bf6f80857d727d31f1ef9200998bc54f

Environment name and version:
- Node.js version node --version
- npm version npm --version

Used provided Dockerfile, so node:10.1-alpine

Web browser name and version
- Operating System and version: Windows 10, Chrome 70.0.3538.110

Summary

Manifest JSON is not fetched with credentials

Expected Behavior

When the request is sent out for manifest.json the cookies the browser normally uses should be attached to the request.

Current Behavior

No cookies are attached to the request.

Possible Solution

Javascript fetchers have options to attach cookies and credentials to request. Enable it for manifest.json.

Steps to Reproduce

Open flood and run document.cookie = "testcookie=hello"; in the developer console.
Refresh flood interface
Observe that the request for /api/client/settings has the testcookie set.

:authority: x
:method: GET
:path: /api/client/settings
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,sv;q=0.8
cookie: testcookie=hello
dnt: 1
referer: https://x/overview
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Observe that the request for /manifest.json does not have the cookie set.

:authority: x
:method: GET
:path: /manifest.json
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,sv;q=0.8
dnt: 1
referer: https://x/overview
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Context

The authentication proxy I'm using in front of flood sets cookies to allow access to resources. Since manifest.json is not fetched with the cookies, it will reject the request and the flood interface fails to load.

noraj commented 5 years ago

@bluecmd Hi, can you finish to fill the template please (Your Environment).

bluecmd commented 5 years ago

Hi, I already did:

Environment name and version: [...] Used provided Dockerfile, so node:10.1-alpine

noraj commented 5 years ago

@bluecmd I didn't see you were using the docker

Flood-UI / flood