2237376 – [IBM] [Ceph Dashboard]: Allow CORS for an unauthorized access

Bug 2237376 - [IBM] [Ceph Dashboard]: Allow CORS for an unauthorized access

Summary: [IBM] [Ceph Dashboard]: Allow CORS for an unauthorized access

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Ceph-Dashboard
Sub Component:
Version:	5.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	6.1z2
Assignee:	Nizamudeen
QA Contact:	Sayalee
Docs Contact:	Akash Raj
URL:
Whiteboard:
Depends On:
Blocks:	2235257
TreeView+	depends on / blocked

Reported:	2023-09-05 07:30 UTC by Nizamudeen
Modified:	2024-03-03 04:25 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ceph-17.2.6-131.el9cp
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-10-12 16:34:37 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-7314	None	None	None	2023-09-05 07:31:38 UTC
Red Hat Issue Tracker	RHCSDASH-1076	None	None	None	2023-09-05 07:31:42 UTC
Red Hat Product Errata	RHSA-2023:5693	None	None	None	2023-10-12 16:35:23 UTC

Description Nizamudeen 2023-09-05 07:30:04 UTC

This bug was initially created as a copy of Bug #2235563

I am copying this bug because: I need to deliver this fix in 6.1z2 as well



Description of problem:
Try to access the dashboard api from a different origin with an invalid token and see that there is no Access-Control-Allow-Origin header set in the response header. This is needed for the IBM SI to catch error like 401 on their code.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 RHEL Program Management 2023-09-05 07:30:15 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 10 errata-xmlrpc 2023-10-12 16:34:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 6.1 security, enhancement, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:5693

Comment 11 Red Hat Bugzilla 2024-03-03 04:25:23 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.