Unable to make changes to pipeline groups via web interface


asm...@mapaction.org

Jul 10, 2020, 11:11:54 AM7/10/20
to go-cd

Dear All,

I have recently started having problems making changes to pipeline groups via the Web UI. This server has been in use for a bit shy of a year and there have been no recent changes to the configuration.  I'd be very grateful for any pointers for how to debug this please.

Server details; GoCD Version: 19.10.0 on Ubuntu 18.04.3 LTS

When I attempt to create a new pipeline group I now get this error message in the browser:

"Add New Pipeline Group
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.
If you are the application owner check the logs for more information."

An error message is added to the logfile `/var/log/go-server/go-server.log` (I've added the full stack trace at the bottom of the email):
```
2020-07-10 11:10:15,261 WARN  [qtp1750626127-41] Rails:-2 - HTTP Origin header (https://my.domain.com ) didn't match request.base_url (http://my.domain.com )
2020-07-10 11:10:15,275 ERROR [qtp1750626127-41] Rails:-1 -
2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 - ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 -
2020-07-10 11:10:15,277 ERROR [qtp1750626127-41] Rails:-1 - gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
```

The error message in the logfile refers to the "http" prefix for the site URL. I have not been able to find anywhere in any of the config files which uses the http protocol, only the "https" protocol, though I may have missed something.


I *can* perform the same actions via API:
```
curl 'https://my.domain.com/go/api/admin/pipeline_groups' -H 'Authorization: Bearer my-access-token' -H 'Accept: application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' -X POST -d '{"name":"group_created_via_api"}'
```

I've had a google for the error message, and could only find these two references:
https://github.com/gocd/gocd/issues/5296
https://gitter.im/gocd/gocd?at=5bc97dd41e23486b93e2421f

Both of these point to problems with the reverse proxy server, specific browsers and GitHub OAuth, though neither specifies what the details of the problem might be.

I do have a reverse proxy configured, using Apache. I used this guide when setting it up:
https://docs.gocd.org/current/installation/configure-reverse-proxy.html

However, the configuration of the reverse proxy has not changed since Oct 2019, and it has been working fine up until a couple of days ago. Nothing is logged in `/var/log/apache2/error.log` when the error occurs in the WebUI.

I did upgrade Firefox recently to Firefox version 78.0.2. This is the only significant change I am aware of in the past few days. I have tried and have the same problem with Chrome version 83.0.4103.116 and MS Edge 44.17763.831.0, though I don't know if or when they were working previously.

Finally, the problem affects users authenticated with any of the Google OAuth, GitHub OAuth or file-based authentication. In each case the user has system admin privileges.

Does anyone have any suggestions as to what the problem might be? Or any other information I need to find to help debug?

Many thanks,
Andy


Full stacktrace as given in the logfile extract:
```
2020-07-10 11:10:15,261 WARN  [qtp1750626127-41] Rails:-2 - HTTP Origin header (https://my.domain.com ) didn't match request.base_url (http://my.domain.com )
2020-07-10 11:10:15,275 ERROR [qtp1750626127-41] Rails:-1 -
2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 - ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 -
2020-07-10 11:10:15,277 ERROR [qtp1750626127-41] Rails:-1 - gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:243:in `handle_unverified_request'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:238:in `verify_authenticity_token'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:426:in `block in make_lambda'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:179:in `block in halting_and_conditional'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:34:in `block in Callbacks'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:180:in `block in halting_and_conditional'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:513:in `block in invoke_before'
org/jruby/RubyArray.java:1801:in `each'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:513:in `invoke_before'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:131:in `run_callbacks'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:41:in `process_action'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/rescue.rb:22:in `process_action'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in `block in instrument'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in `instrument'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/base.rb:134:in `process'
gems/jruby/2.5.0/gems/actionview-5.2.2.1/lib/action_view/rendering.rb:32:in `process'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:191:in `dispatch'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:252:in `dispatch'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:34:in `serve'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:52:in `block in serve'
org/jruby/RubyArray.java:1801:in `each'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:35:in `serve'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:840:in `call'
gems/jruby/2.5.0/gems/versionist-1.7.0/lib/versionist/middleware.rb:39:in `_call'
gems/jruby/2.5.0/gems/versionist-1.7.0/lib/versionist/middleware.rb:17:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:38:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
uri:classloader:/jruby/rack/session_store.rb:79:in `context'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/cookies.rb:670:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:98:in `run_callbacks'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:38:in `call_app'
gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:28:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/request_id.rb:27:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call'
gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/static.rb:127:in `call'
gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/engine.rb:524:in `call'
uri:classloader:/rack/handler/servlet.rb:22:in `call'
```

Andrew Smith

Jul 14, 2020, 8:03:45 AM7/14/20
to go...@googlegroups.com
Hello,

Thank you Aravind SV for the private reply.

I'm just replying here for reference in case anyone else has a similar problem in the future.

I have checked that both the “Site URL” and “Secure Site URL” in the “Server Configuration” (https://your-server/go/admin/config/server) point to the “https” URL. However, this does not resolve the problem (unless there is a cache that needs clearing somewhere I'm not aware of).

I have installed an older version of Firefox via PortableApps. I am able to use Firefox (v52) to make the required changes to the PipelineGroups (which is a short term workaround).

So whatever the cause of the problem it is specific to something that is not accepted by the fully up to date browsers. I will try upgrading my GoCD instance in due course and see if that gives a better solution.

Many thanks,
Andy


Andy Smith
Head of Technical Development
MapAction
Mapping for people in crisis

Douglas Court, 1-2 Seymour Business Park, Station Road, Chinnor, OX39 4HA
t: +44 (0)1494 568 899 | mapaction.org | asm...@mapaction.org

Please note my regular working days are Tuesday to Friday
For more information about the MapAction privacy policy see mapaction.org/privacy



Ketan Padegaonkar

Jul 14, 2020, 8:08:45 AM7/14/20
to go...@googlegroups.com
Could you share your reverse proxy config along with the request being sent via your browser? To capture the request - Open dev tools -> network tab -> right click on request -> copy as curl. Make sure to remove sensitive information (URL, credentials)

- Ketan



Andrew Smith

Jul 14, 2020, 2:43:48 PM7/14/20
to go...@googlegroups.com
Hi Ketan,

Thank you. I've tried this and can see quite different behaviour for the different browser versions:

Firefox 78 - There is a single request to "https://my.gocd.server.com/go/admin/pipeline_group", which fails.
Firefox 60 - There are two requests. The first, to http://my.gocd.server.com/go/admin/pipelines?fm=form-guid, gets a 301 redirect to https://my.gocd.server.com/go/admin/pipelines?fm=form-guid. The request to this second URL succeeds.

I've added the details of the requests and the Apache config files below. I have replaced the following parameters:
* URL
* JSESSIONID
* authenticity_token
* config_md5
* X-Request-Id
* guid of the form for `pipelines?fm=`

I'm grateful for any pointers. Many thanks for your help,
Andy


Firefox v78
=============
Curl
----
```
curl 'https://my.gocd.server.com/go/admin/pipeline_group' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-GB,en;q=0.5' --compressed \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H 'Origin: https://my.gocd.server.com' \
  -H 'Connection: keep-alive' \
  -H 'Referer: https://my.gocd.server.com/go/admin/pipelines' \
  -H 'Cookie: JSESSIONID=ff78-session-id.node0' \
  --data-raw 'utf8=%E2%9C%93&authenticity_token=ff78-authenticity-token&config_md5=ff78-config_md5&group%5Bgroup%5D=ffgroupv78'
```

Request-Header
--------------
```
POST /go/admin/pipeline_group HTTP/1.1
Host: my.gocd.server.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 195
Origin: https://my.gocd.server.com
Connection: keep-alive
Referer: https://my.gocd.server.com/go/admin/pipelines
Cookie: JSESSIONID=ff78-session-id.node0
```

Response-Header
--------------
```
HTTP/1.1 422 Unprocessable Entity
Date: Tue, 14 Jul 2020 16:37:47 GMT
Server: Apache/2.4.29 (Ubuntu)
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: chrome=1
Content-Type: text/html;charset=utf-8
X-Request-Id: a-request-id-guid
X-Runtime: 0.092788
Content-Length: 1705
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
```


(Fails to create relevant pipeline group)


Firefox60
=========
Curl-1
----
```
curl "http://my.gocd.server.com/go/admin/pipelines?fm=form-guid" \
  -H "Host: my.gocd.server.com" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" \
  -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
  -H "Accept-Language: en-US,en;q=0.5" --compressed \
  -H "Cookie: JSESSIONID=ff60-session-id.node0" \
  -H "Connection: keep-alive" \
  -H "Upgrade-Insecure-Requests: 1"
```


Request-Header-1
--------------
```
Host: my.gocd.server.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=ff60-session-id.node0
Connection: keep-alive
Upgrade-Insecure-Requests: 1
```


Response-Header-1
--------------
```
Host: my.gocd.server.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=ff60-session-id.node0
Connection: keep-alive
Upgrade-Insecure-Requests: 1
```



Curl-2
----
```
curl "https://my.gocd.server.com/go/admin/pipelines?fm=form-guid" \
  -H "Host: my.gocd.server.com" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" \
  -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
  -H "Accept-Language: en-US,en;q=0.5" --compressed \
  -H "Cookie: JSESSIONID=ff60-session-id.node0" \
  -H "Connection: keep-alive" \
  -H "Upgrade-Insecure-Requests: 1"
```


Request-Header-2
--------------
```
Host: my.gocd.server.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cookie: JSESSIONID=ff60-session-id.node0
Connection: keep-alive
Upgrade-Insecure-Requests: 1
```


Response-Header-2
--------------
```
HTTP/1.1 200 OK
Date: Tue, 14 Jul 2020 16:22:08 GMT
Server: Apache/2.4.29 (Ubuntu)
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: chrome=1
Content-Type: text/html;charset=utf-8
ETag: W/"37c71d34e8631cc8d5274afc4afa6783--gzip"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 8b1e22cb-70b6-480e-8341-839ab067a56d
X-Runtime: 0.586569
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
```

(Succeeds in creating the relevant pipeline group)



The relevant config files for Apache are below:

$ sudo more /etc/apache2/sites-enabled/*.conf

::::::::::::::
000-default.conf
::::::::::::::
```
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
ServerName my.gocd.server.com
RewriteEngine on
# RewriteCond %{SERVER_NAME} =my.gocd.server.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent,L]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```


::::::::::::::
000-default-le-ssl.conf
::::::::::::::
```
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


  # Proxy everything over to the GoCD server
  ProxyPass         /  http://localhost:8153/
  ProxyPassReverse  /  http://localhost:8153/
  ProxyPreserveHost On
  # RequestHeader set X-Forwarded-Proto "https"

  <Location />
    Order allow,deny
    Allow from all
  </Location>

SSLEngine on
ServerName my.gocd.server.com
SSLCertificateFile /etc/letsencrypt/live/my.gocd.server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.gocd.server.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```


Andy Smith
Head of Technical Development
MapAction
Mapping for people in crisis

Douglas Court, 1-2 Seymour Business Park, Station Road, Chinnor, OX39 4HA
t: +44 (0)1494 568 899 | mapaction.org

Please note my regular working days are Tuesday to Friday
For more information about the MapAction privacy policy see mapaction.org/privacy
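The WARN line in the first message ("HTTP Origin header (https://...) didn't match request.base_url (http://...)") is Rails' forgery-protection origin check: the browser's `Origin` header is compared with the URL the application believes it is serving on, and behind a TLS-terminating proxy that scheme comes from the `X-Forwarded-Proto` header the proxy forwards (or does not). The following Python model, added here as an illustration and not code from GoCD, Rails or the poster, reproduces that comparison for the Firefox 78 POST shown above and toggles the commented-out `RequestHeader set X-Forwarded-Proto "https"` line from the 443 vhost; it assumes `mod_headers` is loaded when that directive is used, and that the backend is reached over plain http on localhost:8153 as in the config.

```python
# Constructed sample: the Firefox 78 POST from the thread, as the browser
# sent it to Apache (sensitive values already replaced by the poster).
BROWSER_REQUEST = {
    "scheme": "https",                       # browser spoke TLS to Apache
    "Host": "my.gocd.server.com",
    "Origin": "https://my.gocd.server.com",  # sent by the browser on POST
}


def proxy_to_backend(request, set_forwarded_proto):
    """Model the Apache 443 vhost: TLS terminates here, the backend is
    http://localhost:8153 and ProxyPreserveHost keeps the Host header.
    set_forwarded_proto=True models uncommenting
        RequestHeader set X-Forwarded-Proto "https"
    (assumption: mod_headers is enabled for that directive)."""
    headers = {"Host": request["Host"]}
    if "Origin" in request:
        headers["Origin"] = request["Origin"]     # passed through unchanged
    if set_forwarded_proto:
        headers["X-Forwarded-Proto"] = request["scheme"]
    return headers


def rails_base_url(headers, backend_scheme="http"):
    """request.base_url as a Rails app derives it: the first value of
    X-Forwarded-Proto when present, otherwise the scheme of the socket the
    app itself accepted the request on (plain http for the proxied GoCD)."""
    scheme = headers.get("X-Forwarded-Proto", backend_scheme).split(",")[0].strip()
    return f"{scheme}://{headers['Host']}"


def valid_request_origin(headers):
    """Rails forgery protection's origin check: passes when no Origin header
    was sent, or when Origin equals request.base_url exactly (scheme, host
    and port all included). Returns (ok, warning); the warning mirrors the
    Rails:-2 WARN line quoted in the thread, and a False result is what
    leads to the InvalidAuthenticityToken / 422 seen in the browser."""
    origin = headers.get("Origin")
    base_url = rails_base_url(headers)
    if origin is None or origin == base_url:
        return True, None
    return False, (f"HTTP Origin header ({origin}) didn't match "
                   f"request.base_url ({base_url})")


def simulate(set_forwarded_proto):
    """End to end: browser -> Apache vhost -> Rails origin check."""
    return valid_request_origin(proxy_to_backend(BROWSER_REQUEST, set_forwarded_proto))


if __name__ == "__main__":
    for flag in (False, True):
        ok, warn = simulate(flag)
        verdict = "origin check passes" if ok else f"rejected: {warn}"
        print(f"proxy sets X-Forwarded-Proto={flag}: {verdict}")
```

With the directive commented out the model reproduces the mismatch from the log (https Origin against an http base_url); with it set, the two agree. Whether this alone explains the browser-version difference the thread reports is not settled on the page.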