New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redirect loop following login after visiting /grafana, but not for /grafana/ #22227
Comments
Can you try latest nightly build? Exactly what version are you running? Pre 6.6.2 is not a version we have released, looks strange |
I'm using this Docker image with grafana installed, it is the image that was built following the merge of #21652, so it is something in between 6.6.1 (released) and 6.6.2 (unreleased).
I can try the current master build, grafana/grafana:master on Docker hub. Done! I experience the same issue still. |
The issue I experience relates to I recorded a GIF showing that if i modify my cookie to be sent along with web requests of path PR IdeaWe avoid a trailing slash on the cookie path. Is that plausible? I'm not used to working with cookies yet, and doesn't fully understand how the path works except that it is some filter to say when to pass along the cookie with the web request. |
This is the code that sets the cookie path to grafana/pkg/middleware/cookie.go Lines 16 to 23 in a157928
It may make sense to append ConclusionI'm not sure how to proceed. Ideas:
|
According to https://stackoverflow.com/a/53784228 seems like RFC 6265, April 2011 suggest to include |
Hej @marefr =) It would be fun for me to make my first code contribution to grafana. What do you think about updating the code below to set the cookie path like grafana/pkg/middleware/cookie.go Lines 16 to 23 in a157928
|
@consideRatio thanks. @papagian will review your PR |
@consideRatio just noticed you're using both |
@marefr I'd love to make a lasting contribution rather than working around the issue ;) I do use a I understand there are tricks to manipulate the request and response in a reverse proxy so it looks to the user its original request was served under a subpath but the serving server was fooled to think it served a request on a root path. Is this kind of trick needed if I disable Off topic: grafana.ini:
server:
domain: example.org
root_url: 'https://%(domain)s/grafana'
# does serve_from_sub_path=false, ever make sense given the root_url above?
serve_from_sub_path: true |
I understand that, but given we had a lot of other redirect related issues tried to provide a workaround so that you can have it working before we're able to review/accept your contribution which could take a while.
Yes, if you use a reverse proxy in front of Grafana. The root url is Grafana's public facing URL, like http://local.domain/grafana. So you can keep Grafana's default config and only change the root url and then configure your reverse proxy to proxy everything under a certain subpath to Grafana (localhost:3000). |
Ah thanks i understand things better now! Grafana will always need the public facing url to help the user find its way back after a redirect to oauth etc, but it may still want to listen on its root path if a reverse proxy did some stuff in between |
What happened:
I ended up in a redirect loop. The loop occur between
https://example.local/grafana
andhttps://example.local/grafana/login
, and occur after an initial visit to/grafana
and the initial login to/grafana/login
.What you expected to happen:
To continue from a successful login at
/grafana
or/grafana/
that renders to the Grafana home screen.How to reproduce it (as minimally and precisely as possible):
Deploy Grafana using the charts/stable Grafana Helm chart.
Configure the Helm chart like this, but with a valid domain name
/grafana/login
and login.Anything else we need to know?:
My investigation and thoughts:
redirect_to
cookie is set to/grafana
(%2Fgrafana
) or/grafana/
(%2Fgrafana%2F
) on a visit tohttp://example.local/grafana
(no trailing/
) orhttp://example.local/grafana/
(with trailing/
). This is probably fine as it is./grafana
or/grafana/
, both requests should be treated by the Webservers home screen handler for the authenticated user.Environment:
The text was updated successfully, but these errors were encountered: