Kratos Public API endpoint /self-service/settings/api leaks a stack trace with an error, when there is no active session
{"error":{"code":403,"status":"Forbidden","reason":"This endpoint can only be accessed with a valid session. Please log in and try again.","debug":"rid=\nerror=request does not have a valid authentication session\nreason=No active session was found in this request.\ndetails=map[]\ndebug=\n\ngithub.com/ory/kratos/session.(*ManagerHTTP).FetchFromRequest\n\t/Users/seremenko/workplace/kratos_wish/session/manager_http.go:125\ngithub.com/ory/kratos/session.(*Handler).IsAuthenticated.func1\n\t/Users/seremenko/workplace/kratos_wish/session/handler.go:158\ngithub.com/ory/kratos/x.NoCacheHandler.func1\n\t/Users/seremenko/workplace/kratos_wish/x/nocache.go:18\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:387\ngithub.com/ory/nosurf.(*CSRFHandler).handleSuccess\n\t/Users/seremenko/go/pkg/mod/github.com/ory/nosurf@v1.2.5/handler.go:201\ngithub.com/ory/nosurf.(*CSRFHandler).ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/ory/nosurf@v1.2.5/handler.go:152\ngithub.com/urfave/negroni.Wrap.func1\n\t/Users/seremenko/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/kratos/x.glob..func1\n\t/Users/seremenko/workplace/kratos_wish/x/clean_url.go:12\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/Users/seremenko/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/Users/seremenko/go/pkg/mod/github.com/rs/cors@v1.6.0/cors.go:207\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\ngithub.com/gorilla/context.ClearHandler.func1\n\t/Users/seremenko/go/pkg/mod/github.com/gorilla/context@v1.1.1/context.go:141\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2887\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1952\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1371","message":"The requested action was forbidden"}}
{"error":{"code":403,"status":"Forbidden","reason":"This endpoint can only be accessed with a valid session. Please log in and try again.","message":"The requested action was forbidden"}}
Environment
Version: v0.7.1
Describe the bug
Kratos Public API endpoint /self-service/settings/api leaks a stack trace with an error, when there is no active session
Reproducing the bug
Steps to reproduce the behavior:
curl http://localhost:4433/self-service/settings/api
Expected behavior
Expected response:
Environment
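An added example, not part of the original issue and not Kratos code: a Go check that flags an error envelope whose string fields carry Go stack-frame locations, plus a filter that drops `error.debug` before the body is sent to a client. The names `LeaksStackTrace`, `StripDebug` and `sampleLeaky`, and the sample body itself, are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Constructed sample: same envelope shape as the response in the issue, shortened.
const sampleLeaky = `{"error":{"code":403,"status":"Forbidden","message":"The requested action was forbidden","debug":"error=no session\n\nexample.com/app/session.Fetch\n\t/build/app/session/manager.go:125"}}`

// goFrame matches a stack-frame location: a tab, a path ending in .go or .s, a line number.
var goFrame = regexp.MustCompile(`\t\S+\.(go|s):\d+`)

// LeaksStackTrace reports whether any string field of the "error" object
// contains a Go stack-frame location. Bodies that are not a JSON error
// envelope are reported as not leaking.
func LeaksStackTrace(body []byte) bool {
	var env struct {
		Error map[string]interface{} `json:"error"`
	}
	if err := json.Unmarshal(body, &env); err != nil {
		return false
	}
	for _, v := range env.Error {
		if s, ok := v.(string); ok && goFrame.MatchString(s) {
			return true
		}
	}
	return false
}

// StripDebug removes error.debug and keeps every other field byte-for-byte.
// It returns an error for bodies it cannot parse so the caller can fail closed.
func StripDebug(body []byte) ([]byte, error) {
	var env map[string]map[string]json.RawMessage
	if err := json.Unmarshal(body, &env); err != nil {
		return nil, err
	}
	delete(env["error"], "debug") // no-op when "error" or "debug" is absent
	return json.Marshal(env)
}

func main() {
	clean, err := StripDebug([]byte(sampleLeaky))
	fmt.Println(LeaksStackTrace([]byte(sampleLeaky)), LeaksStackTrace(clean), err)
	fmt.Println(string(clean))
}
```

`LeaksStackTrace` is suited to an integration test that requests each public endpoint without a session and fails the build when a frame location appears in the body.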