GitHub user uranshishko edited a comment on the discussion: Karavan 4.14.2 how 
do you set the admin user and password?

Your issue is caused by the browser refusing to store the access token cookie. 
Same behaviour observed in latest release as well.

The server issues the access token via the Set-Cookie header, but the cookie is 
marked with the Secure attribute. Browsers will only accept Secure cookies over 
HTTPS, so if you're running the project on http://192.168.4.3:2080, the cookie 
is never stored. As a result, every authenticated request is sent without the 
access token, which leads to the 401 Unauthorized responses you're seeing.

If you look closely at the `/ui/auth/login`response headers in the network tab 
you will most likely see a warning beside the Set-Cookie header with a message 
similar to: _This attempt to set a cookie via a Set-Cookie header was blocked 
because it had the "Secure" attribute but was not received over a secure 
connection._

There are a couple of ways to resolve this:

1. Run the application over HTTPS by hosting it behind a domain name and 
installing a TLS certificate (for example, using Let's Encrypt, or a Cloudflare 
Origin Certificate if you're using Cloudflare).
2. Use HTTPS locally by generating a self-signed certificate on your machine 
and adding it to your operating system's trusted certificate store.

So technically not an issue with the application itself as it was maybe 
intentionally designed to work this way(?). Devs could maybe optionally allow 
users to control this behaviour through env variables? Regardless, once the 
application is being served over HTTPS, the browser will accept the Secure 
cookie and authentication should work as expected.

GitHub link: 
https://github.com/apache/camel-karavan/discussions/1575#discussioncomment-17607333

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]

Reply via email to