For some reason, creating the topic via Customer Portal returns the following error: "An error occurred: You are not permitted to view the requested resource.", hence trying to create a topic here.
Support request
Hey, after upgrading our ELK to 7.17.12 and bumping RoR to 1.50.0, our integration tooling that interacts with Kibana via API and utilises the RoR cookie can no longer get the cookie and instead gets a 401 Unauthorized error. Note that everything worked correctly when using RoR 1.44.0 and ES/Kibana 7.16.2.
ROR Version: 1.50.0
Kibana Version: 7.17.12
Elasticsearch Version: 7.17.12
Steps to reproduce the issue: Try getting the RoR cookie by sending a POST request to https://HOSTNAME/login with Basic Auth.
Expected result: Response with 200 status code and RoR cookie in the headers
Actual Result: Response with 401 status code and no RoR cookie in the headers
I couldn’t even create a new topic without logging into the forum. After logging in and then using the customer page to get into the new topic creation page, I was marked as a PRO User, but I got the mentioned error when trying to create a ticket.
@Dzuming correct me if I’m wrong, but AFAIR in the newer ROR versions you can simply add Basic auth headers to the /api/* requests in Kibana and ROR will authenticate fine. No need to use the cookie anymore.
Yes, exactly, you are right. Since we introduced CSRF protection to the login form, there is no way to generate it via a direct HTTP call to the /login endpoint.
Thank you for the tip - adding the auth header in all requests instead of using /login helped. @sscarduzio I’ve tried creating the ticket again, but got the same error.
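
The approach the thread settles on, sketched as an added example (not code from any poster or from the ROR project): each Kibana /api/* call carries its own Basic auth header, so no cookie is fetched from /login. The function names, the `/api/status` path and the environment variable names are assumptions made for illustration.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(username, password):
    """Return the value of an HTTP Basic Authorization header."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_kibana_request(base_url, path, username, password, method="GET", body=None):
    """Build an /api/* request that authenticates by itself, with no /login cookie."""
    # Basic auth puts the credentials on every request, so refuse plain HTTP.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("base_url must use https")
    # The thread's advice covers /api/* only; /login now sits behind CSRF protection.
    if not path.startswith("/api/"):
        raise ValueError("only /api/* paths are supported")
    method = method.upper()
    headers = {"Authorization": basic_auth_header(username, password),
               "Accept": "application/json"}
    if method not in ("GET", "HEAD"):
        headers["kbn-xsrf"] = "true"  # Kibana rejects state-changing API calls without it
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(base_url.rstrip("/") + path, data=data,
                                  headers=headers, method=method)


def call_kibana(request, timeout=10):
    """Send the request; urllib raises HTTPError on 401 and other error statuses."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Assumed environment variable names; HOSTNAME is the placeholder used in the thread.
    req = build_kibana_request("https://HOSTNAME", "/api/status",
                               os.environ["KIBANA_USER"], os.environ["KIBANA_PASSWORD"])
    print(call_kibana(req))
```

Because the credentials now travel with every request rather than once at login, the service account used by the tooling should carry only the ROR permissions the integration needs.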