yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1943618] [NEW] Unable to handle Swift containers in Horizon due to cookies settings

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Vadym Markov <1943618@xxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Sep 2021 16:04:41 -0000
Reply-to: Bug 1943618 <1943618@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Reproduced on several versions since at least Pike to Victoria. Special
config needed:

$ grep -i "cookie" local_settings.py

CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
SESSION_COOKIE_HTTPONLY = True

Critical option for reproduce is CSRF_COOKIE_HTTPONLY, turning it off
suppresses the issue.

Reproduce:

In Horizon Dashboard:
Project -> Object store -> Containers -> "Create container" fails with the following error: 

"Error: Unable to create container"

The following messages are captured in horizon log:

django.request Not Found: /horizon/api/swift/containers/test/metadata/
django.security.csrf Forbidden (CSRF token missing or incorrect.): /horizon/api/swift/containers/test/metadata/

Also deleting of existing container fails with the similar error

** Affects: horizon
     Importance: Undecided
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1943618

Title:
  Unable to handle Swift containers in Horizon due to cookies settings

Status in OpenStack Dashboard (Horizon):
  In Progress

Bug description:
  Reproduced on several versions since at least Pike to Victoria.
  Special config needed:

  $ grep -i "cookie" local_settings.py

  CSRF_COOKIE_SECURE = True
  SESSION_COOKIE_SECURE = True
  CSRF_COOKIE_HTTPONLY = True
  SESSION_COOKIE_HTTPONLY = True

  Critical option for reproduce is CSRF_COOKIE_HTTPONLY, turning it off
  suppresses the issue.

  Reproduce:

  In Horizon Dashboard:
  Project -> Object store -> Containers -> "Create container" fails with the following error: 

  "Error: Unable to create container"

  The following messages are captured in horizon log:

  django.request Not Found: /horizon/api/swift/containers/test/metadata/
  django.security.csrf Forbidden (CSRF token missing or incorrect.): /horizon/api/swift/containers/test/metadata/

  Also deleting of existing container fails with the similar error

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1943618/+subscriptions