SonarQube version: 8.7
I have a problem visualizing project_badges in Google Chrome; in Firefox it works fine.
I share the project_badges with GitLab; when I access GitLab from Google Chrome, the project_badges are not shown.
Logs from google chrome
Request URL: project_badges
Referrer Policy: same-origin
Provisional headers are shown
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Can anybody help me with this problem?
In order to be able to help you, I’d need as much information as possible. Please provide me with:
- The full details of the request (+ response) that is sent by Chrome (F12, then Network tab)
- Snapshots of the issues
- Versions of both Chrome and Firefox
Thanks for your answer.
Chrome version: Version 90.0.4430.93 (Official version) 64-bit
Firefox version: 88.0 (64-bit).
Below is the F12 screenshot in Chrome.
Below is the screenshot of the badges when accessing GitLab in Chrome.
Could you please share your badge configuration on the GitLab side?
This same configuration works fine in Firefox.
I can’t figure out what could be wrong here, sorry. I’d like to suggest that you:
- Check the returned HTTP code when you call the badge image URL directly in the Chrome browser URL field.
- Verify your badge image URL: if you’re exposing your SonarQube instance to the internet (as it appears), you should definitely use HTTPS over HTTP.
Just in case: I probably know the cause. The Chrome browser doesn’t send the SonarQube cookies to the server, so the user is not authorized to see the badges. I think it is a security feature in the browser not to send cookies when the domain name is different, etc. Example:
- Git server
https://example.org/git.server, badges in the
- SonarQube URL:
When a badge is accessed directly, by opening https://my.sonarapi/project_badges/measure?project=foobar&metric=alert_status, it works; Chrome sends cookies:
set-cookie: JWT-SESSION=long-code; Max-Age=259200; Expires=Sat, 14-Aug-2021 14:29:19 GMT; Path=/; Secure; HttpOnly
set-cookie: XSRF-TOKEN=code; Max-Age=259200; Expires=Sat, 14-Aug-2021 14:29:19 GMT; Path=/; Secure
But when it is requested as an image in the README.md file (different domain, https://example.org/git.server), the cookies are not set.
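
Added example, not part of the original post or of SonarQube's code: a simplified model of the SameSite rule Chrome applies (a cookie with no `SameSite` attribute is treated as `Lax`), run over the two Set-Cookie values quoted above. The request contexts and the `laxByDefault` switch are assumptions made for illustration, and the short Lax+POST grace period is not modelled.

```javascript
// The two Set-Cookie values quoted in the post (values are the post's placeholders).
const SET_COOKIES = [
  "JWT-SESSION=long-code; Max-Age=259200; Expires=Sat, 14-Aug-2021 14:29:19 GMT; Path=/; Secure; HttpOnly",
  "XSRF-TOKEN=code; Max-Age=259200; Expires=Sat, 14-Aug-2021 14:29:19 GMT; Path=/; Secure",
];

// Constructed request contexts (assumption: the Git host and SonarQube host are different sites).
const DIRECT = { crossSite: false, topLevelNavigation: true, method: "GET" };   // URL opened in the address bar
const EMBEDDED = { crossSite: true, topLevelNavigation: false, method: "GET" }; // <img> in a README on the Git host

// Parse one Set-Cookie value into { name, attrs }, attribute names lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const attrs = {};
  for (const part of rest) {
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1);
  }
  return { name: pair.slice(0, pair.indexOf("=")), attrs };
}

// laxByDefault = true models a browser that treats a missing SameSite as Lax
// and rejects SameSite=None cookies that lack Secure.
function effectiveSameSite(cookie, laxByDefault) {
  const v = String(cookie.attrs.samesite || "").toLowerCase();
  if (v === "strict" || v === "lax") return v;
  if (v === "none") return cookie.attrs.secure || !laxByDefault ? "none" : "rejected";
  return laxByDefault ? "lax" : "none";
}

function isCookieSent(cookie, request, laxByDefault = true) {
  const mode = effectiveSameSite(cookie, laxByDefault);
  if (mode === "rejected") return false;
  if (!request.crossSite || mode === "none") return true;
  if (mode === "strict") return false;
  // Lax: cross-site requests carry the cookie only on top-level navigations with a safe method.
  return request.topLevelNavigation && ["GET", "HEAD"].includes(request.method);
}

// Names of the quoted cookies that would accompany the given request.
function report(request, laxByDefault = true) {
  return SET_COOKIES.map(parseSetCookie)
    .filter((c) => isCookieSent(c, request, laxByDefault))
    .map((c) => c.name);
}

console.log("direct:", report(DIRECT));
console.log("embedded image:", report(EMBEDDED));
```

Calling `report(EMBEDDED, false)` models a browser that does not apply the Lax default, in which case both cookies accompany the image request.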