Collect Task not working when a proxy is set via HTTP #645
Comments
Hi @JulienRemi just to clarify, did you exchange the 2 screenshots? I see an IP starting with
Can you confirm what kind of proxy you're using and how you configured it in glpi-agent?
It's a forward proxy but it's something global to our company and I don't have the hand on it.
Hi @JulienRemi I just had time to try your issue. As my test instance supports http & https accesses, I can tell you:
So can you clarify a few points?
Hi,
Hi @JulienRemi from what I read, the cookie support standard seems to be supported through a proxy only for https requests. This is of course for security reasons: don't leave the proxy a chance to hijack security-related cookies and permit the proxy to perform a MITM attack. So for now, I think you should just manage to use (or enable and use if you still haven't configured it) SSL through the proxy.
Ok I see, thanks.
They don't require csrf cookie.
Hi @JulienRemi I think we can close this issue. Feel free to reopen if you think I'm wrong.
Hi @g-bougard, Well, I would like to have the collect working in http too, because why does only this task use csrf cookies?
Only this task uses multiple POST requests and, in that case, CSRF is required to avoid any possible man-in-the-middle attack. Using HTTP to make such an advanced task is definitely not a good option. You should definitely implement SSL support on your server.
Bug reporting acknowledgment
Yes, I read it
Professional support
None
Describe the bug
The agent doesn't put cookie information in its POST request for the collect task when a proxy is set in the GLPI-agent configuration.
Here is the request when no proxy is set up:
And with a proxy:
I received the Set-Cookie header in both cases in the previous request.
Then, the collect task throws an error on the POST request when a proxy is used by the agent, because it receives an HTML Access Refused page:
There is an error in the access-error.log file on the server:
CSRF check failed for User ID: at /plugins/glpiinventory/b/collect/?action=setAnswer&uuid=660eb484740a3&method=POST
The collect task works well when no proxy is set.
To reproduce
Expected behavior
Collect task working like it does without proxy
Operating system
Windows
GLPI Agent version
1.7.3
GLPI version
10.0.14
GLPIInventory plugin or other plugin version
GLPI Inventory v1.3.5
Additional context
No response
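The comparison the report makes between the two requests can be done on text captures instead of screenshots. The following is an added example, not part of the issue or of GLPI Agent: it lists which cookies from a `Set-Cookie` response are absent from the next request. The captures, the host `glpi.example` and the cookie names are constructed placeholders.

```python
from http.cookies import SimpleCookie

# Constructed captures: not taken from the issue's screenshots.
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: session_placeholder=abc123; path=/; HttpOnly\r\n"
    "Set-Cookie: csrf_placeholder=def456; path=/\r\n"
    "\r\n"
)
POST_DIRECT = (
    "POST /plugins/glpiinventory/b/collect/?action=setAnswer HTTP/1.1\r\n"
    "Host: glpi.example\r\n"
    "Cookie: session_placeholder=abc123; csrf_placeholder=def456\r\n"
    "\r\n"
)
# Requests sent to a forward proxy carry the absolute URI on the request line.
POST_VIA_PROXY = (
    "POST http://glpi.example/plugins/glpiinventory/b/collect/"
    "?action=setAnswer HTTP/1.1\r\n"
    "Host: glpi.example\r\n"
    "\r\n"
)

def header_values(raw, name):
    """Return every value of header `name` from a raw HTTP message."""
    head = raw.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip request/status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def cookie_pairs(raw, header):
    """Map cookie name -> value for all `header` lines in the message."""
    pairs = {}
    for value in header_values(raw, header):
        jar = SimpleCookie()
        jar.load(value)  # attributes such as path/HttpOnly are not keys
        pairs.update({name: morsel.value for name, morsel in jar.items()})
    return pairs

def missing_cookies(raw_response, raw_request):
    """Names of cookies the server set that the request did not echo."""
    sent = cookie_pairs(raw_request, "Cookie")
    expected = cookie_pairs(raw_response, "Set-Cookie")
    return sorted(n for n, v in expected.items() if sent.get(n) != v)

if __name__ == "__main__":
    print("direct:", missing_cookies(RESPONSE, POST_DIRECT))
    print("proxy: ", missing_cookies(RESPONSE, POST_VIA_PROXY))
```

A non-empty result for the proxied request matches the symptom described here: the server set cookies, the follow-up POST did not return them, and the CSRF check rejected it.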