Closed skannengiesser closed 1 year ago
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io
The bug report is still relevant. The Request-Token header
as requested by NiFi does still not get set in HEAD
of DataHub code.
Verified bug with DataHub 0.9.5 and Apache NiFi 1.19.0. Will soon be able to test with more recent versions. But codebase of DataHub has not yet changed in relevant part and NiFi still documents this requirement to fulfill their CSRF protection strategy as written here: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#csrf-protection
As stated before, I'd go ahead and provide a patch for this but would like to get confirmation of a maintainer in advance. Thank you.
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io
This issue was closed because it has been inactive for 30 days since being marked as stale.
Describe the bug Ingesting with NiFi plugin as described here, returns 403 on POSTing to NiFi's Provenance API endpoint. Root cause seems to be that starting with NiFi 1.15.0, a random token is being exchanged between NiFi and the client (here Datahub) in form of a second Cookie upon calling the
/access/token
endpoint. For all subsequent PUT and POST requests the content of that Cookie (currently called__Secure-Request-Token
) has to be placed in a custom HTTP header calledRequest-Token
. Using NiFi UI this happens from NiFis Javascript code. The appropriate part seems to be missing in Datahub. Please see additional context below for further information.To Reproduce Steps to reproduce the behavior:
Expected behavior Provenance data gets ingested by Datahub.
Additional context Please see NiFis docs about the authorization workflow here. To my understanding the fix has to go here. The custom
Request-Token
header has to be set there. The reproduction of the 403 and its resolution by adding the header was verified here using Postman.Please don't hesitate to ask for further information if needed.
I also can provide a PR if desired. Though I have to setup a Datahub dev environment first that I currently do not have.