ROR PRO: XSRF error in IE11


(Ronald van Boven) #1

Hi,
We are facing a login issue with IE11.
After entering credentials it gives:
{"statusCode":400,"error":"Bad Request","message":"Request must contain a kbn-xsrf header."}

In the logs I see the following
{"type":"response","@timestamp":"2018-10-18T18:06:48Z","tags":[],"pid":20778,"method":"post","statusCode":400,"req":{"url":"/login","method":"post","headers":{"host":"127.0.0.1:5601","accept":"text/html, application/xhtml+xml, image/jxr, */*","referer":"https://FQDN_removed/login","accept-language":"en-US","user-agent":"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko","content-type":"application/x-www-form-urlencoded","accept-encoding":"gzip, deflate","cache-control":"no-cache","x-forwarded-for":"IP_removed","x-forwarded-host":"FQDN_removed","x-forwarded-server":"FQDN_removed","connection":"Keep-Alive","content-length":"34"},"remoteAddress":"127.0.0.1","userAgent":"127.0.0.1","referer":"https://FQDN_removed/login"},"res":{"statusCode":400,"responseTime":46,"contentLength":9},"message":"POST /login 400 46ms - 9.0B"}
{"type":"log","@timestamp":"2018-10-17T22:00:00Z","tags":["error","readonlyrest_kbn"],"pid":20778,"message":"got an error [400] Bad Request for path /login"}
{"type":"error","@timestamp":"2018-10-18T18:06:49Z","tags":["error","readonlyrest_kbn"],"pid":20778,"level":"error","error":{"message":"Request must contain a kbn-xsrf header.","name":"Error","stack":"Error: Request must contain a kbn-xsrf header.\n at /data/elastic/appl/kibana-6.4.1-linux-x86_64/src/server/http/xsrf.js:30:41\n at Items.serial (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/request.js:403:22)\n at iterate (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/items/lib/index.js:36:13)\n at done (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/items/lib/index.js:28:25)\n at Function.wrapped (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hoek/lib/index.js:879:20)\n at Function.internals.continue (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/reply.js:108:10)\n at /data/elastic/appl/kibana-6.4.1-linux-x86_64/src/server/http/version_check.js:24:26\n at Items.serial (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/request.js:403:22)\n at iterate (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/items/lib/index.js:36:13)\n at Object.exports.serial (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/items/lib/index.js:39:9)\n at _protect.run (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/request.js:398:15)\n at module.exports.internals.Protect.internals.Protect.run (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/protect.js:64:5)\n at internals.Request._invoke (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/request.js:396:19)\n at each (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/request.js:381:25)\n at iterate (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/items/lib/index.js:36:13)\n at done (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/items/lib/index.js:28:25)\n at onParsed (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/route.js:402:20)\n at Subtext.parse (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hapi/lib/route.js:423:20)\n at next (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/subtext/lib/index.js:45:26)\n at object (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/subtext/lib/index.js:172:20)\n at internals.Parser.object (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/subtext/lib/index.js:271:16)\n at Wreck.read (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/subtext/lib/index.js:163:14)\n at finish (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/subtext/node_modules/wreck/lib/index.js:374:20)\n at wrapped (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/hoek/lib/index.js:879:20)\n at module.exports.internals.Recorder.onReaderFinish (/data/elastic/appl/kibana-6.4.1-linux-x86_64/node_modules/subtext/node_modules/wreck/lib/index.js:449:16)\n at Object.onceWrapper (events.js:313:30)\n at emitNone (events.js:111:20)\n at module.exports.internals.Recorder.emit (events.js:208:7)"},"message":"Request must contain a kbn-xsrf header."}

Request looks like this:
https://FQDN_removed/login
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 34
Content-Type: application/x-www-form-urlencoded
Cookie: _svtri=9e0ff616-c9a6-4cc0-85a7-7cf65f935bae; _svs=%7B%22p%22%3A%7B%220%22%3A1506691295812%7D%2C%22c%22%3A%7B%221%22%3Atrue%2C%222%22%3Atrue%2C%223%22%3Atrue%7D%2C%22ct%22%3A1504018636472%7D; _ga=GA1.2.832544972.1504018383; LPVID=M3Yzg0ZjAwMDhkODU4NDRl; s_lastvisit=1506689493362; optimizelyEndUserId=oeu1504018493240r0.8087671892003161; s_getDays=1506691295960; s_cmphistory=%5B%5B%27referrer%27%2C%271506685937721%27%5D%5D; s_cvp90d=%5B%5B%27referrer%27%2C%271506685937725%27%5D%5D; _sp_id.1d0e=fbe6c4c7768a322d.1504018511.6.1506691298.1506685940; s_fid=1D81C7ECECDD8231-028E15672D1435D5; s_vi=[CS]v1|2CE5ADD705313910-4000010DE00036E7[CE]
Host: FQDN_removed
Referer: https://FQDN_removed/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response headers:
cache-control: no-cache
Connection: close
content-encoding: gzip
content-type: application/json; charset=utf-8
Date: Thu, 18 Oct 2018 18:14:44 GMT
kbn-name: kibana
kbn-xpack-sig: anonimized
Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2j
Transfer-Encoding: chunked
vary: accept-encoding

Version:
ELK 6.4.1
ROR: 1.16.27_es6.4.1

Chrome and Firefox are working without issues, but the Citrix team prefers IE11.

There is an Apache reverse proxy in front of this Kibana.

Any good idea why IE11 would not work?


(Ronald van Boven) #2

The Apache reverse proxy only does SSL handling.
Authentication is fully done by Kibana/RoR.
It is using auth_key_sha256 users (no LDAP or anything like this)


(Simone Scarduzio) #3

Hi @ronald.vanboven,

When you press the Enter Kibana button in ReadonlyREST’s login form, the browser sends a POST request via AJAX. In order for Kibana to accept the request, it has to contain the kbn-xsrf header. Unfortunately, it appears that IE11 behaves differently and it does not send it.

First of all, any chance to update the browser?

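The check Simone refers to, as an added illustration that is not Kibana's or ReadonlyREST's own code: a small re-implementation of the gate behind "Request must contain a kbn-xsrf header." (the error comes from `src/server/http/xsrf.js` in the stack trace above), run over the IE11 request captured in this thread and over the AJAX request a working browser would send. The header names and error text are taken from the logs in the thread; the skip rules (GET/HEAD are exempt, `kbn-version` is accepted in place of `kbn-xsrf`, and the `server.xsrf.disableProtection` / `server.xsrf.whitelist` settings bypass the check) are my reading of Kibana 6.x and are assumptions here. The point of the header is classic CSRF defence: an HTML form submitted from a third-party site cannot attach a custom header, so its presence proves the POST was issued by script the browser's origin policy allowed. Only presence is checked, not the value. Note that the IE11 capture above carries `Accept: text/html, ...` and `Content-Type: application/x-www-form-urlencoded`, which is what a native form submit looks like rather than an XMLHttpRequest, and a native form submit can never carry `kbn-xsrf`.

```javascript
// Added example, not Kibana's or ReadonlyREST's code. Mirrors the XSRF gate
// Kibana 6.x applies to every request (assumed behaviour, see lead-in).
const XSRF_HEADER = 'kbn-xsrf';
const VERSION_HEADER = 'kbn-version';
const SAFE_METHODS = new Set(['get', 'head']);

// Node's http layer lower-cases header names; do the same so lookups are
// case-insensitive, as in the real server.
function lowerHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) out[name.toLowerCase()] = value;
  return out;
}

// Returns null when the request passes the gate, otherwise the JSON body
// Kibana answers with (the same body Ronald saw in the login dialog).
// `opts` models server.xsrf.disableProtection and server.xsrf.whitelist
// (assumed Kibana 6.x settings).
function xsrfCheck(req, opts = {}) {
  const { disableProtection = false, whitelist = [] } = opts;
  if (disableProtection || whitelist.includes(req.path)) return null;
  if (SAFE_METHODS.has(req.method.toLowerCase())) return null;
  const h = lowerHeaders(req.headers);
  if (XSRF_HEADER in h || VERSION_HEADER in h) return null; // presence only, any value
  return {
    statusCode: 400,
    error: 'Bad Request',
    message: `Request must contain a ${XSRF_HEADER} header.`,
  };
}

// Constructed from the IE11 capture in the thread (cookies omitted). The Accept
// and Content-Type are those of a native <form> submission, which cannot set
// custom headers, so kbn-xsrf is absent.
const ie11FormPost = {
  method: 'POST',
  path: '/login',
  headers: {
    'Accept': 'text/html, application/xhtml+xml, image/jxr, */*',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Content-Length': '34',
    'Referer': 'https://FQDN_removed/login',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko',
  },
};

// The request an AJAX login from a working browser sends: the same POST, but
// issued from script, which is the only way to attach the custom header.
// Body shape is illustrative; the gate never looks at it.
function ajaxLoginRequest(username, password) {
  return {
    method: 'POST',
    path: '/login',
    headers: {
      'Content-Type': 'application/json',
      'kbn-xsrf': 'true',
    },
    body: JSON.stringify({ username, password }),
  };
}

// Convenience: one-line verdict for a request, e.g. for a quick check in a REPL.
function verdict(req, opts) {
  const err = xsrfCheck(req, opts);
  return err ? `${err.statusCode} ${err.error}: ${err.message}` : 'passes XSRF gate';
}

console.log('IE11 form POST   ->', verdict(ie11FormPost));
console.log('AJAX login POST  ->', verdict(ajaxLoginRequest('user', 'secret')));
console.log('GET /login       ->', verdict({ method: 'GET', path: '/login', headers: {} }));
```

Two practical consequences follow from the shape of the check. First, the fix is on the client side: whatever issues the login POST in IE11 has to be script that sets `kbn-xsrf` (or `kbn-version`), not a plain form submit. Second, whitelisting `/login` or setting `disableProtection` would make the error go away, but it also removes the CSRF defence for that endpoint, so it is a last resort rather than a fix; in this thread neither was tried.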

(Ronald van Boven) #4

Hi,

Yeah, the whole browser updating thing is the problem with these Citrix guys :)
We are now going to try Firefox 47, hopefully this works stable enough.

I suggest we keep this topic as a reference for other users that ROR Pro doesn't work with IE11.
But no further action required if you ask me.