API calls from Custom Plugins after installing ROR are throwing 302 Redirects

(Roger Seth) #1

@sscarduzio We’re trying to construct custom plugins that do various business functionalities. One of them is to essentially make an API call to fetch certain user data that we want the plugin to then further parse and take some UI action. When attempting this without ROR, the API call succeeds with 200OK. With ROR, we’re seeing a redirect to 302!

Please see the attached screenshot.

(Roger Seth) #2

deleting!!! wrong post!

(Roger Seth) #3

Updated Post with Screenshot.
@sscarduzio It looks like ANY API call is being intercepted by ROR and is being redirected to /login angular route.

In the example above - we’re trying to make an API call to the Plugin which tries to fetch certain records but the calls are always resulting in a:

302 Redirect

to /login

(Simone Scarduzio) #4

Hi Roger,
Yes this is how ROR works: it protects all the routes when accessed without credentials. It’s kinda the point.
Nevertheless, the need to whitelist certain paths emerged before i.e. /api/status for load balancers.

So I created a hack that whitelists authentication for certain paths (as regex). This is quite delicate for security, so be careful.

This is an example of how it would work:

readonlyrest_kbn.whitelistedPaths: [".*/api/status"]

Please confirm that this solution would fit your purpose.
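An added example, not part of the original posts and not ReadonlyREST code: a small audit that checks a `whitelistedPaths` list against paths that should skip login and paths that must stay behind it. The sample paths, the `/kibana` base path, the `my_plugin` name and the anchored pattern are constructed for illustration, and because the thread does not say whether a pattern must match the whole path or any part of it, both interpretations are checked.

```javascript
// Added example: audit a readonlyrest_kbn.whitelistedPaths list before deploying it.
// Assumption: the thread does not say whether a pattern must match the whole
// path or may match anywhere inside it, so both interpretations are checked.
function matches(pattern, path, mode) {
  const source = mode === "full" ? "^(?:" + pattern + ")$" : pattern;
  return new RegExp(source).test(path);
}

// Returns one finding per path whose behaviour differs from what was intended.
function auditWhitelist(patterns, mustBeOpen, mustStayProtected) {
  const findings = [];
  for (const mode of ["full", "search"]) {
    for (const path of mustStayProtected) {
      const pattern = patterns.find((p) => matches(p, path, mode));
      if (pattern !== undefined) {
        findings.push({ mode, path, pattern, issue: "login skipped" });
      }
    }
    for (const path of mustBeOpen) {
      if (!patterns.some((p) => matches(p, path, mode))) {
        findings.push({ mode, path, pattern: null, issue: "still redirected" });
      }
    }
  }
  return findings;
}

// Constructed sample paths; "/kibana" is a hypothetical base path and
// "my_plugin" a hypothetical custom plugin.
const OPEN = ["/api/status", "/kibana/api/status"];
const PROTECTED = [
  "/api/status_report",
  "/api/my_plugin/records",
  "/api/my_plugin/export/api/status",
];

const LOOSE = [".*/api/status"];               // pattern from the post above
const TIGHT = ["^/(?:kibana/)?api/status$"];   // anchored alternative (hypothetical)

console.log("loose:", auditWhitelist(LOOSE, OPEN, PROTECTED));
console.log("tight:", auditWhitelist(TIGHT, OPEN, PROTECTED));
```

An empty result means every path in both lists behaves as intended under either matching rule; any "login skipped" finding is a pattern that needs tightening before it ships.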

(Roger Seth) #5

This would work. Our application is protected in bastion space and we can only call protected APIs. I assume this fix/hack is already in the current ROR version?

(Simone Scarduzio) #6

It’s in the master, I need to build a version for you, if you are in a hurry. I want the next release to have SAML, and I just started to integrate it, so it would normally take a week at least.

(Roger Seth) #7

We’re targeting a release on Thursday. We had considered this a “Fast Followup” after the release considering we had just reported the bug - but for our Demo to leadership, having this will be a big win :slight_smile:

If it’s possible to get a fix before then, it would be awesome. No worries if it’s too aggressive for you!

(Simone Scarduzio) #8

Generally this kind of support is reserved for Enterprise subscribers, but you are kindly helping me out on other fronts: i.e. good feedback loop, etc. You will have the build soon. :+1:

(Roger Seth) #9

Hey @sscarduzio we are enterprise subscribers. I’ll send an email from our distro that we used when purchasing the enterprise license :slight_smile:

(Simone Scarduzio) #10

LOL :sweat_smile: sorry! I really should find a way to automatically tag users in this forum.