Sonarqube logging out when clicking favorite 'star'

Sonarqube 7.7.0.23042
Nginx proxy server: 1.17.1
Nginx standard install in CentOS 7.6.1810:
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Whenever I click the star symbol in SonarQube to add it to favorites, it sends me to the login page. The session is not logged out, as if I change the URL to the home page I am still logged in.

The error is 401:
Request URL:https://XYZ.com/api/favorites/add
Request method:POST
Remote address:xx.yy.ss.dd:443
Status code:401
Version:HTTP/1.1
Referrer Policy:no-referrer-when-downgrade

Response Headers:
Connection: keep-alive
Content-Length: 0
Date: Wed, 25 Sep 2019 06:47:45 GMT
Keep-Alive: timeout=5
Server: nginx/1.17.1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Request headers (848 B)
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 15
Content-Type: application/x-www-form-urlencoded
Cookie: XSRF-TOKEN=12jOGjPmNqigR4…
Host: XYZ.com
Origin: https://XYZ.com
Pragma: no-cache
Referer: https://XYZ.com/projects
User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/69.0

I also compared the HTTP headers on port 80 with the above, and I can see
X-XSRF-TOKEN is not there when nginx is in between.

What do you suggest?

Thanks,
Albertso

Hi,

I’m not an nginx expert; all I can tell you is that the HTTP header X-XSRF-TOKEN and the cookie XSRF-TOKEN need to be there in order to be able to use SonarQube.

I’m sorry to not be able to help you more on this…

Regards

Nginx config for location:

location / {
    proxy_pass_request_headers on;
    proxy_set_header Accept-Encoding "";
    # Forward the original host, client address and scheme to the backend
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass_header Set-Cookie;
    proxy_pass http://127.0.0.1:9000;
    # Appends HTTPOnly and Secure to every cookie whose path starts with "/"
    proxy_cookie_path / "/; HTTPOnly; Secure";
    proxy_redirect http://127.0.0.1:9000 https://XYZ.com;
    proxy_http_version 1.1;
}

Resolved. HTTP flag was the issue.

Thanks for giving your solution!
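
The failure in this thread, modeled as an added example (not code from the thread, SonarQube or nginx): it assumes the flag in question is the HTTPOnly attribute that proxy_cookie_path appends to every cookie with Path=/, which stops page script from reading XSRF-TOKEN and copying it into the X-XSRF-TOKEN header. The Set-Cookie values and the SESSION cookie name are constructed.

```python
import re

# Constructed backend responses (not captured from the thread): the CSRF cookie
# is script-readable, the session cookie (hypothetical name) is already HttpOnly.
BACKEND_SET_COOKIE = [
    "XSRF-TOKEN=constructed-token-value; Path=/",
    "SESSION=constructed-session-value; Path=/; HttpOnly",
]

CSRF_COOKIES = {"XSRF-TOKEN"}  # cookies the page script must copy into a header


def apply_proxy_cookie_path(header, prefix, replacement):
    """Model nginx proxy_cookie_path: swap a matching prefix of the Path attribute."""
    def rewrite(m):
        value = m.group(2)
        if value.startswith(prefix):
            value = replacement + value[len(prefix):]
        return m.group(1) + value
    return re.sub(r"(?i)(;\s*path=)([^;]*)", rewrite, header, count=1)


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def audit(headers, prefix, replacement):
    """List CSRF cookies that leave the proxy with HttpOnly set."""
    broken = []
    for h in headers:
        name, attrs = parse_set_cookie(apply_proxy_cookie_path(h, prefix, replacement))
        if name in CSRF_COOKIES and "httponly" in attrs:
            broken.append(name)
    return broken


if __name__ == "__main__":
    # The replacement from the posted location block, then one without HTTPOnly
    print("thread config:", audit(BACKEND_SET_COOKIE, "/", "/; HTTPOnly; Secure"))
    print("Secure only:  ", audit(BACKEND_SET_COOKIE, "/", "/; Secure"))
```

The same audit can be run over Set-Cookie headers copied from the browser's network panel to confirm that the CSRF cookie stays readable by script while the session cookie keeps HttpOnly.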