Armadillo 3.4 and up frontend permission denied on certain server config

molgenis / molgenis-service-armadillo

Armadillo; a DataSHIELD implementation, part of the MOLGENIS suite

https://molgenis.github.io/molgenis-service-armadillo/

GNU Lesser General Public License v3.0

7 stars 10 forks source link

Armadillo 3.4 and up frontend permission denied on certain server config #635

Closed marikaris closed 8 months ago

marikaris commented 9 months ago

On our own servers and locally 3.4 and up, work fine. But when we upgrade cohorts with servers hosted elsewhere (with an F5 frontend server), whenever they startup armadillo and go to the UI:

when they login as admin, they will get "Failed to fetch", when they then refresh, they seem to be logged in with no permissions.
when they login as oidc (super)user, they seem to be logged in with no permissions
when logging in via curl/r api, everything seems okay (we can add and delete projects/users)

marikaris commented 9 months ago

We compared 3.3 and 3.4 code + the dependency updates of Spring boot, Spring security and vite. Have not found anything there, yet.

Tried to reproduce on our dev server, thus far unsuccessful. We were able to create the same behaviour by commenting out proxy_set_header Host $host; in the nginx config, but when we then installed 3.3, it was still broken.

marikaris commented 8 months ago

It only didn't seem to work when using apache, nginx (our own config) did work on the other services. Eventually we got it to work on apache, but we don't recommend using apache with armadillo.