When a newly created user logs into a Cloud instance for the first time and is taken through the MFA enrollment steps, the QR code image fails to load. There is an accompanying Content Security Policy error in the browser console.
They haven't created a new user in a while, but pretty sure this worked in the past on 5.x releases.
To rule out any issues with their corporate network policies, confirmed the same issue occurs when accessed from an external device.
Steps to recreate:
Create a new user in the Graylog portal
Attempt to log in as the new user and follow the MFA onboarding steps until the QR Code page
QR Code fails to load, as shown in the above screenshot, with an accompanying console error.
Possible Solution
This is the culprit, and the Cloud customers' domains are graylog.cloud not .org.
Content-Security-Policy: The page's settings blocked the loading of a resource (img-src) at https://graylog.okta.com/api/v1/users/00uk7t3culRZgMbQo4x7/factors/opfk7t2t8iFzFlRqa4x7/qr/20111IMYzZD8pF_3OGE7hQ-qt-4XwX6EQ8SoeAnqisJ40u62Ino1mXf because it violates the following directive: "img-src 'self' data: https://*.tile.openstreetmap.org https://graylog.org/"
I would suggest we create a new cloud group (similar to default and swagger) for it, so we can separate things properly and do not include graylog.okta.com in our CSP for on-premise unnecessarily.
Steps to Reproduce (for bugs)
Try to enroll an MFA in a cloud instance
Context
Your Environment
Graylog Version: Graylog Cloud 6.0.4 (479)
Java Version:
OpenSearch Version: v2.11 AWS
MongoDB Version:
Operating System:
Browser version:
Expected Behavior
QR code image is shown during enrolling an MFA for cloud instances.
Current Behavior
The slack thread related to this: https://graylog.slack.com/archives/C024KUJUB/p1718799036184369
Possible Solution
A possible solution https://graylog.slack.com/archives/C024KUJUB/p1718886864553589?thread_ts=1718799036.184369&cid=C024KUJUB:
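To check the reported behaviour outside a browser, the following added example (not part of the issue and not Graylog's code) evaluates the img-src directive from the console error against the Okta QR URL, then against the same directive with a separate cloud-only source group appended. The instance origin, the `CLOUD_IMG_SOURCES` name and the placeholder path segments in the QR URL are assumptions, and the matcher is a simplified subset of CSP source matching.

```javascript
// Added example: simplified CSP source-list matching for img-src.
// Not handled: ports, bare "*", nonces, hashes, redirects.
function parseDirective(policy, name) {
  for (const part of policy.split(';')) {
    const [dir, ...sources] = part.trim().split(/\s+/);
    if (dir.toLowerCase() === name) return sources;
  }
  return [];
}

function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  // scheme-source such as "data:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // host-source: [scheme://]host[/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, path] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const h = host.toLowerCase();
  // "*.example.org" matches subdomains only, never the bare domain.
  const hostOk = h.startsWith('*.') ? url.hostname.endsWith(h.slice(1)) : url.hostname === h;
  if (!hostOk) return false;
  if (!path || path === '/') return true;
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function imgAllowed(policy, resource, selfOrigin) {
  const url = new URL(resource);
  return parseDirective(policy, 'img-src').some((s) => sourceMatches(s, url, selfOrigin));
}

// Directive value copied from the console error in the issue (single-directive policy).
const DEFAULT_POLICY = "img-src 'self' data: https://*.tile.openstreetmap.org https://graylog.org/";
// Hypothetical "cloud" group: sources appended only for Cloud deployments.
const CLOUD_IMG_SOURCES = ['https://graylog.okta.com'];
const cloudPolicy = (base) => `${base} ${CLOUD_IMG_SOURCES.join(' ')}`;

// Constructed inputs: placeholder instance origin and QR path segments.
const SELF = 'https://example.graylog.cloud';
const QR = 'https://graylog.okta.com/api/v1/users/USER_ID/factors/FACTOR_ID/qr/TOKEN';

console.log('default policy allows QR:', imgAllowed(DEFAULT_POLICY, QR, SELF));
console.log('cloud policy allows QR:  ', imgAllowed(cloudPolicy(DEFAULT_POLICY), QR, SELF));
```

Listing the exact host in the cloud group, rather than a wildcard such as `https://*.okta.com`, keeps the added allowance limited to the one Okta tenant that serves the QR image.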