XXL grapher extension not working since Zabbix 3.4.5

[PadaKwaak]

Description

XXL grapher extension not working since Zabbix 3.4.5, most likely due to the fix ZBX-13262 ( fixed cookie http-only attribute to prevent XSS attacks ) which prevents the grapher.js from obtaining the zbx_sessionid cookie value.

Steps to Reproduce

1. Ensure Zabbix Web interface is running with "XXL_grapher=true" environment variable and that you're hosting it over https
2. Log in on Zabbix Web interface
3. Navigate to XXL extensions -> Grapher
4. Start typing in one of your hostnames into the Host field

Expected behavior: The Host field is supposed to show a list of existing hosts

Actual behavior: The Host field never shows any hostnames, as if autocompletion isn't working.

Reproduces how often: 100% of the time since Zabbix 3.4.5

Versions

monitoringartist/dockbix-xxl:3.4.7

Additional Information

The cookie value should not be sent in the JSON payload. The browser should just automatically include it as part of the header of the JSON RPC request.

Also, the ZabbixApi function does not handle error responses in a user-friendly way. In this particular case the response object contained an error object with, code: -32602, data: "Not authorized.", message: "Invalid params." The request payload to the api_jsonrpc.php was: {"jsonrpc":"2.0","method":"hostgroup.get","id":0,"auth":null,"params":{"monitored_hosts":1,"sortfield":"name","selectHosts":["name"],"output":["name"]}}

You Docker knowledge level

Advanced

[Volont84]

Workaround for this issue: Edit /usr/local/src/zabbix/frontends/php/includefunc.inc.php and change setcookie($name, $value, isset($time) ? $time : 0, null, null, HTTPS, true); to setcookie($name, $value, isset($time) ? $time : 0, null, null, HTTPS);

[PadaKwaak]

Thanks @Volont84 , disabling the http-only flag in /usr/local/src/zabbix/frontends/php/include/func.inc.php did the trick.