Authentication required to GET data in browser

Bug #1624010 reported by Ekaterina Khomyakova
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Invalid
Undecided
Unassigned

Bug Description

Fuel 9.1 #266

Steps to reproduce:
1. Go to Fuel UI, log in
2. Try to get something via api, e.g. /api/clusters

Expected results:
Return list of clusters

Actual result:
'Authentication required'

Revision history for this message
Vitaly Kramskikh (vkramskikh) wrote :

Possibility to pass tokens in cookie was removed as a part of a security bug fix, so accessing API directly from browser is no longer available. As an alternative I can suggest using browser console on Fuel UI and executing of the following code:

$.ajax('/api/clusters', {headers: {'X-Auth-Token': app.keystoneClient.token}})

Changed in fuel:
status: New → Invalid
Revision history for this message
Dmitry Belyaninov (dbelyaninov) wrote :

May be it is possible to add some config parameter (to enable/disable direct api calls from browser) for debug and design usage?

Changed in fuel:
status: Invalid → New
Revision history for this message
Vitaly Kramskikh (vkramskikh) wrote :

Yep it is, though it could be better to disable authentication at all. Check AUTHENTICATION_METHOD parameter in settings.yaml

tags: added: area-python feature
removed: area-ui
Changed in fuel:
assignee: Fuel UI Team (fuel-ui) → nobody
Revision history for this message
Dmitry Belyaninov (dbelyaninov) wrote :

Cool, thx!

Changed in fuel:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.