Closed (ComLock closed 5 years ago)
@pmi This is quite critical. We need to change the progress update to not use credentials, as described by Glenn here
Okay, without implementing everything I mentioned in the issue. The idea is to at least reuse the session ID for the progress requests.
@ComLock @ase @gri There is a --new-auth flag for that currently, you know that, right? ;)
Although it's not as natural to use as a session ID, of course.
@pmi I do not know. Also, it's the 200+ developers out there who should not have to know everything, but be able to follow upgrade documentation...
So, what we SHOULD do in this case is to disassociate the websocket from the user session, i.e. making the websocket that feeds the progress available for anyone to listen to.
So, my point is that we do not need to limit progress info to the su user (which is deleted during the load anyway).
Sessions do not solve this in any way, you only need a stable websocket handle...
During the loading of the dump, the password for the su user is overwritten. At this point the progress connection fails. And you end up with 0.00% and 403 HTTP 403 Forbidden.
The dump is loaded fine though.
@GlennRicaud says we should use the session for getting progress rather than using the username and password.
The documentation should perhaps also be updated. https://developer.enonic.com/docs/xp/stable/release/upgrade#3_upgrade_and_load