Comment 7 for bug 1853173

Yes, okay, that's confirmed. The angular bits in horizon do now play well the "Set-Cookie" because Angular can't (in this instance) grab the CSRF cookie and pass it back to the server; thus the request isn't authenticated.

The charm needs a patch to take out the Set-Cookie (and release to stable), but also the original bug will be re-opened to determine a course of action.

I'll do this now.