[UI] Names of cookies with a colon
Closed this issue · 2 comments
When I attempt to access the UI via the Teleport proxy, issues arise and I receive a 401 error.
Research has shown that when proxying via Teleport, cookies that contain a colon in the name are lost. In my case, this is a cookie named "smith:YTCypressCookie".
It seems that it is best not to use colons in cookie names:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#cookie-namecookie-value
If you believe this documentation and the Internet, then there may be problems not only with Teleport, but also with other services.
I have collected the output from tcpdump, which shows that at the time of the POST request to /login, cookies "YTCypressCookie" and "smith:YTCypressCookie" were installed. Then, when a GET request was made to /api/cluster-info/smith, "smith:YTCypressCookie" was no longer present, but "YTCypressCookie" remained.
When the UI makes a request to http proxies in the handle /auth/whoami, cookie "YTCypressCookie" is marked as undefined (as I understand it, it is put there from "smith:YTCypressCookie"). After this, we receive a 401 Unauthorized response + code 500 Unknown credentials. And I am not receiving a csrf_token.
PS
When I navigate directly to the user interface (without Teleport) page, I fill out a form with my username and password and am taken to the administrative interface for my cluster. All is well here.
I have attached the output from a tcpdump session when navigating directly to the UI to demonstrate that cookies are functioning properly and are not being lost.
Components version:
ytsaurus: stable-23.2.0-relwithdebinfo
ui: 1.34.0
query-tracker: 0.0.5-ya-build-relwithdebinfo
strawberry: 0.0.11
teleport: 10.3.16
@rudre, please try ytsaurus/ui-nightly:1.42.1 docker image. Feel free to reopen the issue if it doesn't help you.