403 errors after upgrading to 11.1.4 with Cookie Authentication

I'm getting 403 errors on a single page - api.ashx/v2/notifications.json?IsRead=false&PageSize=1&PageIndex=0&_=1597934978472

I'm using Cookie Authentication. I have ensured that SameSite setting is set to Lax matching the setting in Verint Community.

Top Replies

Navy OGC over 4 years ago in reply to Navy OGC +2 verified

This was caused by httpOnlyCookies setting set to True in the Configuration Editor in IIS

0 Michael Monteleone over 4 years ago

Just to be clear, this only happens on a single page? Are there multiple tabs/windows open, and was one of them potentially logged out during this? Would it be possible to share an HTTP trace and any JavaScript errors?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Navy OGC over 4 years ago in reply to Michael Monteleone

Sorry, it happens on all the pages that make a call to the - api.ashx/v2/notifications.json . The 403 error only occurs on the call to api.ashx. It breaks most pages. Nothing is logged in the exceptions table. Popup errors are displayed on the page.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Monteleone over 4 years ago in reply to Navy OGC
Would it be possible to include any JavaScript errors and an HTTP trace? Also, can you try running this in the browser console? It's a simple REST request that should just return the current user's user object in the console. I'm trying to verify if any REST requests from the UI are being authenticated.

jQuery.telligent.evolution.get({ url: jQuery.telligent.evolution.site.getBaseUrl() + 'api.ashx/v2/users/{id}.json', data: { id: jQuery.telligent.evolution.user.accessing.id }, success: function(response) { console.log(response.User); } });
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Navy OGC over 4 years ago in reply to Michael Monteleone

I'm not seeing any Javascript errors. See below, the script resulted in 403. I'm logged as administrator.

VM333:1 GET sitefaqdn/.../2102.json 403
send @ jquery.min.js:2
ajax @ jquery.min.js:2
jQuery.ajax @ jquery.migrate.js:228
a @ telligent.evolution.min.js:360
k @ telligent.evolution.min.js:365
get @ telligent.evolution.min.js:366
(anonymous) @ VM333:1
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Monteleone over 4 years ago in reply to Navy OGC

So this verifies that no REST requests from the UI are being authenticated, not just the one to /notifications.json, which happens to be common. Can you share an HTTP/Fiddler trace?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Monteleone over 4 years ago in reply to Michael Monteleone

Thank you, I've reviewed the trace, and it seems neither the Authorization-Code nor Rest-Authorization-Code headers are being included on REST requests from the UI. This isn't a known issue. Do you have any customizations overriding jQuery.ajax or setting options through jQuery.ajaxSetup()? It may be useful to escalate this to support for closer review.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Navy OGC over 4 years ago in reply to Michael Monteleone

No, we are not doing anything with jquery.ajax. This started with upgrading to 11.1.4. I have opened a support case.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Navy OGC over 4 years ago in reply to Navy OGC

This was caused by httpOnlyCookies setting set to True in the Configuration Editor in IIS
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel