Dear All, I have recently started having problems making changes to pipeline groups via the Web UI. This server has been in use for a bit shy of a year and there have been no recent changes to the configuration. I'd be very grateful for any pointers for how to debug this please.
Server details; GoCD Version: 19.10.0 on Ubuntu 18.04.3 LTS When I attempt to create a new pipeline group I now get this error message in the browser: "Add New Pipeline Group The change you wanted was rejected. Maybe you tried to change something you didn't have access to. If you are the application owner check the logs for more information." An error message is added to the logfile `/var/log/go-server/go-server.log` (I've added the full stack trace at the bottom of the email): ``` 2020-07-10 11:10:15,261 WARN [qtp1750626127-41] Rails:-2 - HTTP Origin header (https://my.domain.com ) didn't match request.base_url (http://my.domain.com ) 2020-07-10 11:10:15,275 ERROR [qtp1750626127-41] Rails:-1 - 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 - ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 - 2020-07-10 11:10:15,277 ERROR [qtp1750626127-41] Rails:-1 - gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request' ``` The error message in the logfile refers to the "http" prefix for the site URL, I have not been able to find anywhere in the any of the config files which uses the http protocol, only the "https" protocol, though I may have missed something. I *can* perform the same actions via API: ``` curl 'https://my.domain.com/go/api/admin/pipeline_groups' -H 'Authorization: Bearer my-access-token' -H 'Accept: application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' -X POST -d '{"name":"group_created_via_api"}' ``` I've had a google for the error message, and could only find these two references: https://github.com/gocd/gocd/issues/5296 https://gitter.im/gocd/gocd?at=5bc97dd41e23486b93e2421f Both of these point to a problems with the reverse proxy server, specific browsers and github oauth, though neither specify what details of the problem might be. I do have a reverse proxy configured, using Apache. I used this guide when setting it up: https://docs.gocd.org/current/installation/configure-reverse-proxy.html However the configure of the reverse proxy has not changed since Oct 2019, and it has been working fine up until a couple of days ago. Nothing is logged in `/var/log/apache2/error.log` when the error occurs in the WebUI. I did upgrade Firefox recently to Firefox version: 78.0.2. The is the only significant change I aware of in the past few days. I have tried and have the same problem with Chrome version 83.0.4103.116 and MS Edge 44.17763.831.0, though I don't know if or when they were working previously. Finally the problem effects users authenticated with any of the Google OAuth, Github OAuth or filebased authentication. In each case the user has system admin privileges. Does anyone have any suggestions as to what the problem might be? Or any other information I need to find to help debug? Many thanks, Andy Full stacktrace as given in the logfile extract: ``` 2020-07-10 11:10:15,261 WARN [qtp1750626127-41] Rails:-2 - HTTP Origin header (https://my.domain.com ) didn't match request.base_url (http://my.domain.com ) 2020-07-10 11:10:15,275 ERROR [qtp1750626127-41] Rails:-1 - 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 - ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): 2020-07-10 11:10:15,276 ERROR [qtp1750626127-41] Rails:-1 - 2020-07-10 11:10:15,277 ERROR [qtp1750626127-41] Rails:-1 - gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:243:in `handle_unverified_request' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/request_forgery_protection.rb:238:in `verify_authenticity_token' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:426:in `block in make_lambda' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:179:in `block in halting_and_conditional' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:34:in `block in Callbacks' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:180:in `block in halting_and_conditional' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:513:in `block in invoke_before' org/jruby/RubyArray.java:1801:in `each' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:513:in `invoke_before' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:131:in `run_callbacks' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:41:in `process_action' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/rescue.rb:22:in `process_action' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in `block in instrument' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications/instrumenter.rb:23:in `instrument' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in `instrument' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:32:in `process_action' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal/params_wrapper.rb:256:in `process_action' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/abstract_controller/base.rb:134:in `process' gems/jruby/2.5.0/gems/actionview-5.2.2.1/lib/action_view/rendering.rb:32:in `process' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:191:in `dispatch' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:252:in `dispatch' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:52:in `dispatch' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:34:in `serve' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:52:in `block in serve' org/jruby/RubyArray.java:1801:in `each' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:35:in `serve' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:840:in `call' gems/jruby/2.5.0/gems/versionist-1.7.0/lib/versionist/middleware.rb:39:in `_call' gems/jruby/2.5.0/gems/versionist-1.7.0/lib/versionist/middleware.rb:17:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:38:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/http/content_security_policy.rb:18:in `call' uri:classloader:/jruby/rack/session_store.rb:79:in `context' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/cookies.rb:670:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:98:in `run_callbacks' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call' gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:38:in `call_app' gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:28:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/request_id.rb:27:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call' gems/jruby/2.5.0/gems/activesupport-5.2.2.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/executor.rb:14:in `call' gems/jruby/2.5.0/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/static.rb:127:in `call' gems/jruby/2.5.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call' gems/jruby/2.5.0/gems/railties-5.2.2.1/lib/rails/engine.rb:524:in `call' uri:classloader:/rack/handler/servlet.rb:22:in `call' ``` -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/f9a6339c-a374-4004-bcab-74324cf7246dn%40googlegroups.com.
