I have installed SonarQube 9.9.1 on windows server. We have this nagging issue where upon login there is a pop-up message at the bottom right of the screen
If we click the ‘Dismiss’ button, it will route me to the login page.
Is there a way to disable the pop-up? I checked if there are some configuration where it can be done but i’m not able to find anything.
Hey there.
That’s certainly odd behavior.
Are your users facing issues with other POST actions (like creating projects, configuring setting).
The Dismiss link triggers this API (POST api/users/dismiss_notice)
Hi Colin,
Nope, other actions are fine. It’s just this inconvenient window that we’re seeing after logging in. Is there a way to disable this?
Regards,
Dennis
Some additional information on this issue:
We just found out that the issue also happens for a function where we try to add users and remove users to a group. It seems that for certain API calls, there is an authentication required (before or after we’re not sure) and it will throw out an error.
refer to the screenshot below when the dismiss_notice is being called.
401 error was returned
Thank you.
This might be an issue sitting between your SonarQube server and the user.
Can you see if the 401 is really being returned by the SonarQube server (in the /logs/access.log file). If not, it might be being returned by the reverse proxy serving your SonarQube server over HTTPS.
Yes, we checked the log file and the 401 is coming from SonarQube server. Another thing to add on this issue, when we login to SonarQube inside the server, the issue does not happen at all. We’re getting 204 instead of the 401 error. I used the same user ID, the only difference is where i accessed SonarQube.
Same user ID, same function called, but different access points:
when called from outside SonarQube.,… we’re getting this error:
when called inside the SonarQube server… it’s successful
Hey, could you please elaborate on what you mean by “from outside SonarQube” and “inside the SonarQube server”? What’s the difference between the two situations?
(I’m assuming you refer to being in one side of the other of your reverse proxy. If that’s the case, the problem is most likely with your reverse proxy rewriting some cookies or headers).
I know this post is a bit old now, but I had the same problem. To find the solution, I had to boost the logging level with sonar.log.level=DEBUG, which gave:
2025.01.09 16:35:58 DEBUG web[cda59c34-3671-4050-8023-d053c57032ec][auth.event] login failure [cause|Wrong CSFR in request][method|JWT][provider|LOCAL|local][IP|127.0.0.1|W.X.Y.Z][login|AXRF8TGs-xVU5gF5PNVG]
That lead to Wrong CSFR in request - #3 by sergiomontesa. My problem and solution matched exactly, as I front-end SonarQube with Apache, and I have Security Compliance controls that want to modify the cookies. Removing the HttpOnly fixes this problem.
