400 response for any request with auth cookies present / No debug mode #175

@erzz

Expected

I am trying to deploy lite on GCP Cloud Run behind oauth2-proxy as an SSO sidecar container and this is what I observe:

  1. User hits the oauth2-proxy and authenticates themselves. When a user is authenticated - a split auth cookie is added before the request is forwarded to the structurizr container.

image

  2. Whenever this cookie is present in the browser - structurizr fails to load and returns 400

image

  3. If I attempt to reach any instance of structurizr (the deployed target above, localhost docker, localhost war file, other environments etc) with this cookie present in my browser it fails with the 400

  4. Until the cookie is deleted from the browser or I use a new private tab - I am guaranteed to get the 400

I suspected that it was to do with cookie size (it's an 8k cookie from Azure AD :( ) but I managed to strip scopes etc until it was down to the size above - though it still doesn't fit into a single cookie.

The biggest pain point in debugging this is that it doesn't seem to be possible to enable debug logging with the lite version - so there is nothing in logs at all. All I have to go on is the 400 response in developer tools of the browser.

So I don't know if it's some cross-origin thing, cookie size limits, the split cookie or perhaps absolutely nothing to do with cookies ... :)

Actual

  • Auth cookies not used by application are ignored (if that is the actual problem)
  • debug logs can be enabled

Steps to reproduce

That's kinda difficult :)

If you happen to use Azure AD as an IDP, then setting up an oauth2-proxy docker container or the binary in front of a local docker instance should get you the cookie and 400 response.

Version/build information

structurizr/lite:2024.11.04

Severity

Major

Priority

I have no budget and there's no rush, please fix this for free

More information

Of course stripping the cookies at the proxy before being sent down to the structurizr app would be nice .... but not something that they support. But either way it feels like this is also a bug for this project too
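One way to test the cookie-size hypothesis raised above without Azure AD, as an added example that is not part of the original issue and is not Structurizr or oauth2-proxy code: it sends a constructed split cookie of varying size to a local instance and bisects for the smallest payload answered with 400. The target `http://localhost:8080/`, the `_oauth2_proxy_N` cookie names and the 4000-byte part size are assumptions.

```python
import http.client
from urllib.parse import urlsplit

CHUNK = 4000  # assumed bytes of value per cookie part (browsers cap a cookie near 4 KB)

def split_cookie_header(total, name="_oauth2_proxy", chunk=CHUNK):
    """Cookie header value with `total` filler bytes spread over name_0, name_1, ..."""
    parts = []
    while total > 0:
        n = min(chunk, total)
        parts.append(f"{name}_{len(parts)}={'A' * n}")  # constructed filler value
        total -= n
    return "; ".join(parts)

def http_probe(url):
    """Return probe(total) -> HTTP status of a GET on `url` carrying that cookie."""
    u = urlsplit(url)
    def probe(total):
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=10)
        try:
            conn.request("GET", u.path or "/", headers={"Cookie": split_cookie_header(total)})
            return conn.getresponse().status
        finally:
            conn.close()
    return probe

def first_rejected_size(probe, lo=1, hi=16384):
    """Smallest cookie payload (bytes) answered with 400.
    None: even `hi` bytes are accepted, so size is not the trigger.
    `lo`: the smallest cookie already fails, so presence rather than size matters.
    """
    if probe(hi) != 400:
        return None
    if probe(lo) == 400:
        return lo
    while hi - lo > 1:  # invariant: probe(lo) != 400 and probe(hi) == 400
        mid = (lo + hi) // 2
        if probe(mid) == 400:
            hi = mid
        else:
            lo = mid
    return hi

if __name__ == "__main__":
    # Assumed target: a local Structurizr Lite container published on port 8080.
    print(first_rejected_size(http_probe("http://localhost:8080/")))
```

A numeric result between `lo` and `hi` points at a request-header size limit in the server; `None` or `lo` means the 400 has another cause.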


Labels: bug
