Could you share your reverse proxy config along with the request being sent
via your browser? To capture the request - Open dev tools -> network tab ->
right click on request -> copy as curl. Make sure to remove sensitive
information (URL, credentials)

- Ketan



On Tue, Jul 14, 2020 at 5:33 PM Andrew Smith <asm...@mapaction.org> wrote:

> Hello,
>
> Thank you Aravind SV for the private reply.
>
> I'm just replying here for reference in case anyone else has a similar
> problem in the future.
>
> I have checked that both the “Site URL” and “Secure Site URL” in the
> “Server Configuration” (https://your-server/go/admin/config/server) point
> to the “https” URL. However this does not resolve the problem (unless there
> is a cache that needs clearing somewhere I'm not aware of)
>
> I have installed an older version of Firefox via PortableApps. I am able
> to use Firefox (v52) to make the required changes to the PipelineGroups
> (which is a short term workaround).
>
> So whatever the cause of the problem it is specific to something that is
> not accepted by the fully up to date browsers. I will try upgrading my GoCD
> instance in due course and see if that gives a better solution.
>
> Many thanks,
> Andy
>
>
> Andy Smith
> Head of Technical Development
> MapAction
> Mapping for people in crisis
>
> Douglas Court, 1-2 Seymour Business Park, Station Road, Chinnor, OX39 4HA
> t: +44 (0)1494 568 899 | mapaction.org | asm...@mapaction.org
>
> Please note my regular working days are Tuesday to Friday
> For more information about the MapAction privacy policy see
> mapaction.org/privacy
>
>
> On Fri, 10 Jul 2020 at 16:11, asm...@mapaction.org <asm...@mapaction.org>
> wrote:
>
>>
>> Dear All,
>>
>> I have recently started having problems making changes to pipeline groups
>> via the Web UI. This server has been in use for a bit shy of a year and
>> there have been no recent changes to the configuration.  I'd be very
>> grateful for any pointers for how to debug this please.
>>
>> Server details; GoCD Version: 19.10.0 on Ubuntu 18.04.3 LTS
>>
>> When I attempt to create a new pipeline group I now get this error
>> message in the browser:
>>
>> "Add New Pipeline Group
>> The change you wanted was rejected.
>> Maybe you tried to change something you didn't have access to.
>> If you are the application owner check the logs for more information."
>>
>> An error message is added to the logfile
>> `/var/log/go-server/go-server.log` (I've added the full stack trace at the
>> bottom of the email):
>> ```
>> 2020-07-10 11:10:15,261 WARN  [qtp1750626127-41] Rails:-2 - HTTP Origin
>> header (https://my.domain.com ) didn't match request.base_url (
>> http://my.domain.com )
>> 2020-07-10 11:10:15,275 ERROR [qtp1750626127-41] Rails:-1 -
>> 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 -
>> ActionController::InvalidAuthenticityToken
>> (ActionController::InvalidAuthenticityToken):
>> 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 -
>> 2020-07-10 11:10:15,277 ERROR [qtp1750626127-41] Rails:-1 -
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:211:in
>> `handle_unverified_request'
>> ```
>>
>> The error message in the logfile refers to the "http" prefix for the site
>> URL, I have not been able to find anywhere in any of the config files
>> which uses the http protocol, only the "https" protocol, though I may have
>> missed something.
>>
>>
>> I *can* perform the same actions via API:
>> ```
>> curl 'https://my.domain.com/go/api/admin/pipeline_groups' -H
>> 'Authorization: Bearer my-access-token' -H 'Accept:
>> application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' -X POST
>> -d '{"name":"group_created_via_api"}'
>> ```
>>
>> I've had a google for the error message, and could only find these two
>> references:
>> https://github.com/gocd/gocd/issues/5296
>> https://gitter.im/gocd/gocd?at=5bc97dd41e23486b93e2421f
>>
>> Both of these point to problems with the reverse proxy server, specific
>> browsers and github oauth, though neither specify what details of the
>> problem might be.
>>
>> I do have a reverse proxy configured, using Apache. I used this guide
>> when setting it up:
>> https://docs.gocd.org/current/installation/configure-reverse-proxy.html
>>
>> However the configuration of the reverse proxy has not changed since Oct
>> 2019, and it has been working fine up until a couple of days ago. Nothing
>> is logged in `/var/log/apache2/error.log` when the error occurs in the
>> WebUI.
>>
>> I did upgrade Firefox recently to Firefox version: 78.0.2. This is the
>> only significant change I am aware of in the past few days. I have tried and
>> have the same problem with Chrome version 83.0.4103.116 and MS Edge
>> 44.17763.831.0, though I don't know if or when they were working previously.
>>
>> Finally the problem affects users authenticated with any of the Google
>> OAuth, Github OAuth or file-based authentication. In each case the user has
>> system admin privileges.
>>
>> Does anyone have any suggestions as to what the problem might be? Or any
>> other information I need to find to help debug?
>>
>> Many thanks,
>> Andy
>>
>>
>> Full stacktrace as given in the logfile extract:
>> ```
>> 2020-07-10 11:10:15,261 WARN  [qtp1750626127-41] Rails:-2 - HTTP Origin
>> header (https://my.domain.com ) didn't match request.base_url (
>> http://my.domain.com )
>> 2020-07-10 11:10:15,275 ERROR [qtp1750626127-41] Rails:-1 -
>> 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 -
>> ActionController::InvalidAuthenticityToken
>> (ActionController::InvalidAuthenticityToken):
>> 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 -
>> 2020-07-10 11:10:15,277 ERROR [qtp1750626127-41] Rails:-1 -
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:211:in
>> `handle_unverified_request'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:243:in
>> `handle_unverified_request'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:238:in
>> `verify_authenticity_token'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:426:in
>> `block in make_lambda'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:179:in
>> `block in halting_and_conditional'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:34:in
>> `block in Callbacks'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:180:in
>> `block in halting_and_conditional'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:513:in
>> `block in invoke_before'
>> org/jruby/RubyArray.java:1801:in `each'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:513:in
>> `invoke_before'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:131:in
>> `run_callbacks'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:41:in
>> `process_action'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/rescue.rb:22:in
>> `process_action'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:34:in
>> `block in process_action'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in
>> `block in instrument'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications/instrumenter.rb:23:in
>> `instrument'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in
>> `instrument'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:32:in
>> `process_action'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/params_wrapper.rb:256:in
>> `process_action'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/base.rb:134:in
>> `process'
>> gems/jruby/2.5.0/gems/actionview-5.2.2.1/lib/action_view/rendering.rb:32:in
>> `process'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:191:in
>> `dispatch'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:252:in
>> `dispatch'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:52:in
>> `dispatch'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:34:in
>> `serve'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:52:in
>> `block in serve'
>> org/jruby/RubyArray.java:1801:in `each'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:35:in
>> `serve'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:840:in
>> `call'
>> gems/jruby/2.5.0/gems/versionist-1.7.0/lib/versionist/middleware.rb:39:in
>> `_call'
>> gems/jruby/2.5.0/gems/versionist-1.7.0/lib/versionist/middleware.rb:17:in
>> `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:38:in `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/http/content_security_policy.rb:18:in
>> `call'
>> uri:classloader:/jruby/rack/session_store.rb:79:in `context'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/cookies.rb:670:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:28:in
>> `block in call'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:98:in
>> `run_callbacks'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:26:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:61:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in
>> `call'
>> gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:38:in
>> `call_app'
>> gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:28:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/remote_ip.rb:81:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/request_id.rb:27:in
>> `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call'
>> gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/executor.rb:14:in
>> `call'
>> gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/static.rb:127:in
>> `call'
>> gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
>> gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/engine.rb:524:in `call'
>> uri:classloader:/rack/handler/servlet.rb:22:in `call'
>> ```
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "go-cd" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to go-cd+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/go-cd/f9a6339c-a374-4004-bcab-74324cf7246dn%40googlegroups.com
>> <https://groups.google.com/d/msgid/go-cd/f9a6339c-a374-4004-bcab-74324cf7246dn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
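
The WARN line quoted in the thread comes from a comparison of the browser's Origin header with the base URL the application derives for the request. The following is an added example, not part of any message in this thread and not Rails or GoCD source: a simplified Ruby model of that comparison behind a TLS-terminating proxy. The helper names and the sample requests are constructed, and it assumes default ports and a Host header that reaches the backend unchanged.

```ruby
# Added example: simplified model of the Origin check, not Rails or GoCD source.
# forwarded_scheme, base_url and origin_check are hypothetical helper names.

# Scheme the application believes the client used. Behind a TLS-terminating
# proxy the backend hop is plain HTTP, so only a forwarded header says "https".
def forwarded_scheme(env)
  return 'https' if env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_SSL'] == 'on'

  proto = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip
  proto.empty? ? env.fetch('rack.url_scheme', 'http') : proto
end

# Base URL as the application reconstructs it (default ports assumed).
def base_url(env)
  "#{forwarded_scheme(env)}://#{env['HTTP_HOST']}"
end

# A request with no Origin header passes; otherwise Origin must equal base_url.
# On rejection the reason uses the same wording as the WARN line in the log.
def origin_check(env)
  origin = env['HTTP_ORIGIN']
  return [:ok, nil] if origin.nil? || origin == base_url(env)

  [:rejected, "HTTP Origin header (#{origin}) didn't match request.base_url (#{base_url(env)})"]
end

# Constructed requests, as the backend sees them after the proxy hop.
BACKEND = { 'HTTP_HOST' => 'my.domain.com', 'rack.url_scheme' => 'http' }.freeze
WITH_ORIGIN = BACKEND.merge('HTTP_ORIGIN' => 'https://my.domain.com').freeze
CASES = {
  'Origin sent, no X-Forwarded-Proto' => WITH_ORIGIN,
  'Origin sent, X-Forwarded-Proto set' => WITH_ORIGIN.merge('HTTP_X_FORWARDED_PROTO' => 'https'),
  'No Origin header sent' => BACKEND
}.freeze

CASES.each do |label, env|
  status, reason = origin_check(env)
  puts format('%-36s %-9s %s', label, status, reason)
end
```

When comparing this against a request captured with "copy as curl", the two things to look for are whether the request carries an Origin header and whether the proxy adds a forwarded-scheme header on the backend hop.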
