Console -- likely the notification drawer -- keeps polling for the ClusterVersion resource when logged in as a normal user who doesn't have authority. This adds a lot of errors to the JS log and causes many unnecessary requests.
We should only request that resource for users who have access. There is a `CLUSTER_VERSION` flag you can check.
Move to upcoming sprint. Will look at this on bugfix mondays.
We did not have time to fix this issue this sprint. Will reevaluate and try to fix in next sprint.
Created attachment 1771755 [details]
Checked on ocp 4.8 cluster with payload 4.8.0-0.nightly-2021-04-13-171608.
Login console with normal user, check logs in dev console, there are some 403 forbidden errors about promethues/alertmanager and many cookie warnings:
[HTTP/1.1 403 Forbidden 4905ms]
Cookie “_oauth_proxy” has been rejected for invalid domain. rules
[HTTP/1.1 403 Forbidden 5354ms]
Cookie “_oauth_proxy” has been rejected for invalid domain.
Pls refer to screenshot.
Hi, Yanping. This fix is only for polling ClusterVersion specifically. There will be some other 403 errors that are expected. Are these being polled constantly or only single requests?
Moving back to ON_QA. If there are additional issues, we should open separate bugs to track.
*** Bug 1952555 has been marked as a duplicate of this bug. ***
Raising the severity since this floods the log with messages making it harder to troubleshoot other problems.
Checked on ocp 48 cluster with payload 4.8.0-0.nightly-2021-04-22-182303, after normal user login console, check logs in dev console, there is no request for "ClusterVersion" resource. Check in console pod log, there is no this kind of request, neither.
The issue in the bug description has been fixed.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.