When a newly created user logs into a Cloud instance for the first time and is taken through the MFA enrollment steps, the QR code image fails to load. There is an accompanying content security policy error in the browser console.
They haven't created a new user in a while, but pretty sure this worked in the past on 5.x releases.
To rule out any issues with their corporate network policies, confirmed the same issue occurs when accessed from an external device.
Steps to recreate:
1) Create a new user in the Graylog portal
2) Attempt to log in as the new user and follow the MFA onboarding steps until the QR Code page
3) QR Code fails to load as shown in the above screenshot, with an accompanying console error.
Possible Solution
This is the culprit, and the Cloud customers' domains are graylog.cloud not .org.
Content-Security-Policy: The page's settings blocked the loading of a resource (img-src) at https://graylog.okta.com/api/v1/users/00uk7t3culRZgMbQo4x7/factors/opfk7t2t8iFzFlRqa4x7/qr/20111IMYzZD8pF_3OGE7hQ-qt-4XwX6EQ8SoeAnqisJ40u62Ino1mXf because it violates the following directive: "img-src 'self' data: https://*.tile.openstreetmap.org https://graylog.org/"
I would suggest we create a new cloud group (similar to default and swagger) for it, so we can separate things properly and do not include graylog.okta.com in our CSP for on premise unnecessarily.
Expected Behavior
QR code image is shown during enrolling an MFA for cloud instances.
Current Behavior
The slack thread related to this: https://graylog.slack.com/archives/C024KUJUB/p1718799036184369
Possible Solution
A possible solution https://graylog.slack.com/archives/C024KUJUB/p1718886864553589?thread_ts=1718799036.184369&cid=C024KUJUB:
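The img-src check behind the console error above, as an added example (not Graylog's code): it evaluates the directive quoted in the error against an Okta QR image URL and shows the effect of keeping graylog.okta.com in a separate cloud source group. The group table, `buildPolicy`, the instance origin and the placeholder URL path are assumptions made for illustration.

```javascript
// Simplified CSP source matching: 'self', scheme-source, host-source with "*." wildcard
// and path prefix. Ports and redirects are not modelled.
function matchesSource(expr, url, selfOrigin) {
  if (expr === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::\d+)?(\/.*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, path] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const have = url.hostname.toLowerCase();
  const want = host.toLowerCase();
  // "*.example.org" matches subdomains only, never example.org itself.
  const hostOk = want.startsWith("*.") ? have.endsWith(want.slice(1)) : have === want;
  if (!hostOk) return false;
  if (!path || path === "/") return true;
  return path.endsWith("/") ? url.pathname.startsWith(path) : url.pathname === path;
}

// Return the source list of one directive, or null if the policy does not set it.
function sourcesFor(policy, directive) {
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === directive) return sources;
  }
  return null;
}

function imgAllowed(policy, resource, selfOrigin) {
  const sources = sourcesFor(policy, "img-src") ?? sourcesFor(policy, "default-src");
  if (sources === null) return true; // no applicable directive: nothing is restricted
  const url = new URL(resource);
  return sources.some((s) => matchesSource(s, url, selfOrigin));
}

// Hypothetical group table: "default" copies the img-src directive from the console
// error; "cloud" is the group proposed in the issue. Not Graylog's configuration format.
const IMG_SRC = {
  default: ["'self'", "data:", "https://*.tile.openstreetmap.org", "https://graylog.org/"],
  cloud: ["https://graylog.okta.com"],
};
function buildPolicy(groups) {
  return "img-src " + [...new Set(groups.flatMap((g) => IMG_SRC[g]))].join(" ");
}

// Constructed inputs: a made-up Cloud origin and a QR URL with placeholder path segments.
const SELF = "https://example.graylog.cloud";
const QR = "https://graylog.okta.com/api/v1/users/USER_ID/factors/FACTOR_ID/qr/TOKEN";
console.log("on-premise policy allows QR:", imgAllowed(buildPolicy(["default"]), QR, SELF)); // false
console.log("cloud policy allows QR:", imgAllowed(buildPolicy(["default", "cloud"]), QR, SELF)); // true
```

The host entry is matched exactly, so a lookalike such as `graylog.okta.com.example` stays blocked even with the cloud group enabled.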