Default Content Security Policy prevents login after upgrade to 3.0.13 #4417
Comments
Same here.. Had to rollback to 3.0.12 |
@paulholden I was able to replicate this behavior if I configured ssl for my Rundeck instance, but left the |
Hi @sjrd218, I've checked the My Rundeck instance is bound to 127.0.0.1:4440 (HTTP) and I use Apache as an SSL terminating proxy by adding the following to the
|
Note: you can disable or modify the CSP headers if you are having issues, without downgrading rundeck:
You can also try just enabling the URL that doesn't seem to work by modifying the form-action directive:
|
Hi! Got the same issue with Rundeck behind a proxy that terminates SSL. Solving:
NOTICE: Don't forget that when you terminate SSL at the proxy, your scheme becomes 'http' on the next hop, so this is where 'X-Forwarded-Proto' comes in handy, and you can pass its value to the next hop instead of the scheme.
NOTE: If '-Drundeck.jetty.connector.forwarded=true' is not helping, then try to set 'server.useForwardHeaders=true' in the 'rundeck-config.properties' config (see #4201). All these steps ensure that you'll successfully pass CSP checks ;-) |
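The scheme mismatch described in the comment above can be checked offline. This is an added example, not part of any comment in this thread and not Rundeck code: a simplified model of how CSP Level 3 matches `'self'`, applied to the URL the browser loaded and the URL the backend rendered as the login form target. The host names and the `/login-target` path are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def self_allows(page_url, target_url):
    """Simplified CSP Level 3 match of 'self' against a form target."""
    p_scheme, p_host, p_port = origin(page_url)
    t_scheme, t_host, t_port = origin(target_url)
    if (p_scheme, p_host, p_port) == (t_scheme, t_host, t_port):
        return True                      # exact same origin
    if p_host != t_host:
        return False
    # Ports must be equal, or each the default for its own scheme.
    ports_ok = p_port == t_port or (
        p_port == DEFAULT_PORTS.get(p_scheme)
        and t_port == DEFAULT_PORTS.get(t_scheme))
    # An upgrade to https is tolerated; a downgrade from https is not.
    scheme_ok = t_scheme == "https" or (p_scheme == "http" and t_scheme == "http")
    return ports_ok and scheme_ok

def diagnose(page_url, target_url):
    """Explain why form-action 'self' would block the login POST, if it does."""
    if self_allows(page_url, target_url):
        return "allowed"
    p, t = origin(page_url), origin(target_url)
    if p[1] != t[1]:
        return "blocked: host differs (check the configured server URL)"
    if p[0] == "https" and t[0] == "http":
        return "blocked: https page, http target (forwarded scheme not honoured)"
    return "blocked: port differs"

if __name__ == "__main__":
    page = "https://rundeck.example.com/user/login"      # constructed
    for target in (
        "https://rundeck.example.com/login-target",       # backend sees https
        "http://rundeck.example.com/login-target",        # backend sees http hop
        "http://127.0.0.1:4440/login-target",             # backend bind address
    ):
        print(target, "->", diagnose(page, target))
```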
Thank you @SergeyBear, that seems to have resolved this 👍 - for reference, here is the additional line I've added to my vhost config:
The following suggestions by you were already set:
I guess this issue can be closed then. |
I met this problem. I fixed it by altering "framework.server.url" in /etc/rundeck/framework.properties and "grails.serverURL" in /etc/rundeck/rundeck-config.properties. |
I hit this today, responses here were helpful. Especially @gschueler, personally I think Hope this helps someone. |
For those using docker, you need to add the following to your variables: |
I tried with nginx as a reverse proxy server with two Rundeck CE instances running on different VMs, and I am getting the error even though I followed the above recommendations.
nginx configuration:
===============
location /rundeck {
Rundeck Configuration:
grails.server.url=htps://nginx1.server.com:4443
The Rundeck application loads with the nginx URL, but authentication is not happening; I notice the below error in the browser console.
Refused to send form data to 'https://nginx1.server.com:4443/' because it violates the following Content Security Policy directive: "form-action 'self'".
Actually authentication is happening in Rundeck, but there is some issue with the nginx response; I am not sure exactly.
proxy_pass https://nginx1.server.com:4443/rundeck;
Error is:
Do I need to tweak the nginx configuration? Please advise.
Thanks, Raj |
We ran into this issue after upgrading to version 4.x, rolling back to 3.4.10 fixed it. |
To fix this I believe you need to set:
However, if you do that - due to #6960 it will fail. I don't understand why that issue has been marked as stale as it is a trivial fix to resolve. To work-around that issue, I have set:
|
@williamhargrove I submitted a pr to fix #6960 - #7680 |
FYI, I’m not using docker, so your patch @gschueler will not solve the issue. Setting |
Describe the bug
I upgraded to version 3.0.13 today (from 3.0.12), and found I am unable to login to the site - checking the Chromium browser console, the following error is printed:
My Rundeck detail
Seems related to the changes introduced in #4405 - note I haven't made any changes to the rundeck configuration since upgrading, as I expected the defaults would at least not break the site