Yes, okay, that's confirmed. The angular bits in horizon do now play well the "Set-Cookie" because Angular can't (in this instance) grab the CSRF cookie and pass it back to the server; thus the request isn't authenticated.
The charm needs a patch to take out the Set-Cookie (and release to stable), but also the original bug will be re-opened to determine a course of action.
Yes, okay, that's confirmed. The angular bits in horizon do now play well the "Set-Cookie" because Angular can't (in this instance) grab the CSRF cookie and pass it back to the server; thus the request isn't authenticated.
The charm needs a patch to take out the Set-Cookie (and release to stable), but also the original bug will be re-opened to determine a course of action.
I'll do this now.