Details
-
Type:
Incident report
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 3.4.12, 4.0.0alpha9
-
Fix Version/s: 3.0.24rc1, 3.4.15rc1, 4.0.2rc1, 4.2.0alpha1, 4.2 (plan)
-
Component/s: Frontend (F)
-
Labels:
-
Environment:all
-
Team:Team B
-
Sprint:Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45, Sprint 46, Nov 2018
-
Story Points:0.5
Description
File js/class.cookie.js does not encode cookies' name or value. As a result, some cookies such as 'cb_items_10114_1' are set with values containing invalid characters such as commas: "31757,31827,31828".
Accessing Zabbix directly, via NGINX + PHP, there is no problem.
Some federation services, such as Microsoft ADFS, however, do check cookie compliance, and return a HTTP 500 error instead of allowing Zabbix frontend to load.
There is a simple fix to that, only file js/class.cookie.js is affected. I've attached a patch as an exemple. Tested and working (see screenshot with cookies properly encoded).