No admin API access when using CDN [solved]

Ghost 2.11 / Ubuntu / nginx / keyCDN

Everything works like a dream with keyCDN enabled - except that I’m locked out of admin.

A session is created 201 with the request to
https://www.magnushelander.se/ghost/api/v2/admin/session
but I do not get an admin session cookie.

The following API request to
https://www.magnushelander.se/ghost/api/v2/admin/users/me/?include=roles
fails correctly with 401 Unauthorized since I don’t have a cookie.

The admin section is not broken by KeyCDN. On another machine I could use the admin functions until I logged out of Ghost. Then I was unable to log in again.

No requests from the /ghost directory are cached by keyCDN, here is the “201 Created” response

HTTP/2.0 201 Created
server: keycdn-engine
date: Thu, 31 Jan 2019 19:08:16 GMT
content-type: text/plain; charset=utf-8
content-length: 7
x-powered-by: Express
cache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
etag: W/"7-rM9AyJuqT6iOan/xHh+AW+7K/T8"
link: <https://magnushelander.se/ghost/api/v2/admin/session>; rel="canonical"
x-edge-location: sest
access-control-allow-origin: *
X-Firefox-Spdy: h2

Any help on what to do here would be very appreciated.
Thank you,
Magnus

@mheland it looks like the Set-Cookie header is being stripped, I would suggest looking into your keyCDN config

Aha, you’re right, keyCDN strips cookies by default to get better hit rates.
Option hidden way down on the page under “advanced”. Sneaky.
Deploying the new config now… that should take care of it.
tx
/magnus

Yes, that took care of it. Thank you!
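
The diagnosis reached in this thread, as an added example that is not part of the original posts: a Python check that compares the origin's response headers with what the CDN edge returned and flags a successful session creation that arrives without Set-Cookie. The origin response and its cookie name and value are constructed for illustration; the edge response is the one quoted above.

```python
# Added example: compare an origin response with what the CDN edge returned.
# EDGE_RESPONSE is the "201 Created" response quoted in the thread
# (cache-control, etag and the browser-added header left out for brevity).
EDGE_RESPONSE = """\
HTTP/2.0 201 Created
server: keycdn-engine
date: Thu, 31 Jan 2019 19:08:16 GMT
content-type: text/plain; charset=utf-8
content-length: 7
x-powered-by: Express
link: <https://magnushelander.se/ghost/api/v2/admin/session>; rel="canonical"
x-edge-location: sest
access-control-allow-origin: *
"""
# ORIGIN_RESPONSE is constructed for illustration; cookie name and value are made up.
ORIGIN_RESPONSE = """\
HTTP/1.1 201 Created
date: Thu, 31 Jan 2019 19:08:16 GMT
content-type: text/plain; charset=utf-8
content-length: 7
x-powered-by: Express
set-cookie: admin-session=CONSTRUCTED; Path=/ghost; HttpOnly; Secure
"""

def parse_response(raw):
    """Return (status code, {lower-cased header name: [values]})."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def stripped_by_edge(origin_raw, edge_raw):
    """Header names the origin sent that are missing from the edge response."""
    origin, edge = parse_response(origin_raw)[1], parse_response(edge_raw)[1]
    return sorted(set(origin) - set(edge))

def session_cookie_lost(raw):
    """True when session creation succeeded (2xx) but no Set-Cookie arrived."""
    status, headers = parse_response(raw)
    return 200 <= status < 300 and "set-cookie" not in headers

if __name__ == "__main__":
    print("stripped by edge:", stripped_by_edge(ORIGIN_RESPONSE, EDGE_RESPONSE))
    print("cookie lost at edge:", session_cookie_lost(EDGE_RESPONSE))
```

Capturing the origin side means requesting the same path from the origin server directly, bypassing the CDN hostname.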
