Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1781035

Summary: 403 Forbidden error for Prometheus experimental React UI
Product: OpenShift Container Platform
Component: Monitoring
Reporter: Junqi Zhao <juzhao>
Assignee: Simon Pasquier <spasquie>
QA Contact: Junqi Zhao <juzhao>
CC: alegrand, anpicker, erooth, kakkoyun, lcosic, mloibl, pkrupa, spasquie, surbania
Status: CLOSED UPSTREAM
Severity: low
Priority: low
Version: 4.3.0
Target Release: 4.5.0
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Whiteboard: groom
Type: Bug
Last Closed: 2020-05-06 13:16:13 UTC
Bug Depends On: 1824227
Attachments: 403 Forbidden error (flags: none)

Description Junqi Zhao 2019-12-09 06:31:25 UTC
Created attachment 1643187
403 Forbidden error

Description of problem:
Clicking "Try experimental React UI" in ${prometheus_route} links to ${prometheus_route}/new/graph,
but the experimental React UI gets 403 Forbidden.

For example, Request URL: https://prometheus-k8s-openshift-monitoring.apps.qe-groupd-1209.qe.devcluster.openshift.com/api/v1/label/__name__/values is 403.
Checked from the Classic UI, the Request URL is: https://prometheus-k8s-openshift-monitoring.apps.qe-groupd-1209.qe.devcluster.openshift.com/api/v1/label/__name__/values?_=1575870711267



Version-Release number of selected component (if applicable):
# oc -n openshift-monitoring logs -c prometheus prometheus-k8s-0 | grep version
level=info ts=2019-12-09T02:05:01.754Z caller=main.go:332 msg="Starting Prometheus" version="(version=2.14.0, branch=rhaos-4.3-rhel-7, revision=bc887ad37b1ec45d526dd4ae1e8a1f6aa6b5b448)"

4.3.0-0.nightly-2019-12-08-190955

How reproducible:
Always

Steps to Reproduce:
1. See the description

Actual results:
403 error

Expected results:
no error

Additional info:

Comment 1 Simon Pasquier 2019-12-09 10:26:40 UTC
After investigating with Junqi, this is due to the browser not sending the Cookie header to the OAuth proxy server. It can't be reproduced with recent versions of Firefox and Chromium (e.g. they send the Cookie header).
IIUC the fetch API used to avoid sending cookies by default ("credentials: 'omit'") but this has changed to "credentials: 'same-origin'" about 2 years ago:

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch
https://github.com/whatwg/fetch/pull/585

Changing the priority to Low since it only affects older browsers.
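
The behaviour described in comment 1, as an added example that is not part of the original bug report or of the Prometheus code base: a synchronous model of how the fetch credentials mode decides whether the Cookie header reaches an authenticating proxy, and how stating the mode explicitly removes the dependence on the browser default. The origin, cookie value and function names are constructed for illustration; only the API path comes from the report.

```javascript
// Added example: synchronous model of fetch() credentials handling.
// Origins, the cookie value and all function names are constructed.
const PAGE_ORIGIN = 'https://prometheus.example.test';
const API_PATH = '/api/v1/label/__name__/values'; // path from the report

// Fetch credentials modes: 'omit' never attaches cookies, 'same-origin'
// attaches them only when the target origin equals the page origin,
// 'include' always attaches them.
function sendsCookies(credentials, pageOrigin, url) {
  const targetOrigin = new URL(url, pageOrigin).origin;
  switch (credentials) {
    case 'omit': return false;
    case 'same-origin': return targetOrigin === pageOrigin;
    case 'include': return true;
    default: throw new TypeError('unknown credentials mode: ' + credentials);
  }
}

// Build the request a browser would send when its fetch() default is
// `browserDefault` and the caller passes `init`.
function buildRequest(browserDefault, url, init = {}) {
  const credentials = init.credentials || browserDefault;
  const headers = {};
  if (sendsCookies(credentials, PAGE_ORIGIN, url)) {
    headers.Cookie = 'session=constructed-value';
  }
  return { url: new URL(url, PAGE_ORIGIN).href, credentials, headers };
}

// Stand-in for the authenticating proxy: no session cookie, no access.
function proxyStatus(request) {
  return request.headers.Cookie ? 200 : 403;
}

// Client-side fix: state the mode explicitly instead of relying on the default.
function pinCredentials(init = {}) {
  return Object.assign({ credentials: 'same-origin' }, init);
}

function statusFor(browserDefault, url, init) {
  return proxyStatus(buildRequest(browserDefault, url, init));
}

console.log('old default      :', statusFor('omit', API_PATH));
console.log('current default  :', statusFor('same-origin', API_PATH));
console.log('old + pinned mode:', statusFor('omit', API_PATH, pinCredentials()));
```

In real client code the equivalent of `pinCredentials` is passing `{ credentials: 'same-origin' }` as the second argument to `fetch()`.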