I’m having an issue figuring out security permissions - I’m trying to restrict certain file paths so that they cannot be accessed by not authenticated users. I have a folder restricted as below:
However, when I try to call these files on page loading they are restricted, even though the user is logged in and should be able to call these files.
Why is the server blocking the call when the user is Authenticated and should be able to access?
What response does the server return to a request to read a file?
Hi Marina, it responds with a status 400 (Bad Request).
It seems to me that your issue is not in the permissions but in the route. What response do you have if you grant the permission?
If I grant Read permission to NotAuthenticatedUser the file reads and everything loads correctly.
Confused on why it’s routing through the NotAuthenticatedUser route instead of AuthenticatedUser when the console shows user type as Authenticated.
Please provide us with your appId and steps on how we can reproduce the issue.
After logging in under the “Marketplace” page is where the images are read.
Hello, @G1299. Thank you for the information.
We will check into this issue.
An additional note - I do have cookie-based authorization enabled as well.
In the console it does not appear that the authorization cookie is getting generated after logging in.
I have one more request for you. Please create a test user in your application so that we can try logging in with their credentials and reproduce the issue.
At the moment, our preliminary assumption is that there might be something wrong with the cookie setup. I haven’t been able to reproduce your issue in my own application.
Apologies for the inconvenience.
I’ve created a ticket to investigate this issue.
We’ll keep you updated in this thread once the issue is resolved.
Great, thanks for looking into this Alexander.
Hi @G1299,
The problem in your case was caused by the fact that in the UI Builder settings you selected different domains for API calls and files retrieval. This led to a situation where the auth cookie, which was obtained during login, was considered a 3rd-party cookie and was blocked by the browser.
I have updated the UI Builder settings in your app to use your custom domain in both cases, and the problem has gone after that.
Could you please try and confirm that the problem has gone on your side?
Yes, that appears to have fixed it! Thank you all very much for the help!
Hi team, I’m having another issue related to the cookie - while using the site the cookie seems to “fall off” after a couple of page loads. I log in and after ~3 page loads the user-auth-cookie falls off the storage in the Safari console. Any thoughts why this is happening?