4 Replies Latest reply on Apr 23, 2020 6:17 PM by ralish

    Problem with Loginsight Content Pack Markplace access

    fduranti Hot Shot

      Starting from some days ago I'm not able to access the Content Pack Marketplace from vRealize Log Insight.

      I just get a circle spinning in the middle of the screen just like it was trying to download something but not working.

      It was working in the past.

      I've the same problem on 3 different installation 2 of which are 8.0 and 1 is 8.1 just upgraded.

       

      From my browser I'm able to reach the marketplace without any problem.

      Anything I can check?

        • 1. Re: Problem with Loginsight Content Pack Markplace access
          fcardarelli Novice

          Hi, same error here on a new installation.

          Any info will be appreciated.

          • 2. Re: Problem with Loginsight Content Pack Markplace access
            fduranti Hot Shot

            I've got an answer from the support.

            It work connecting with the ip address of the log insight server.

            After it worked a first time with ip address it work also with fqdn.

            It solved my issue.

            • 3. Re: Problem with Loginsight Content Pack Markplace access
              BenediktFrenzel Enthusiast
              vExpertVMware Employees

              Hi,

               

              sorry for the inconvenience, our Log Insight team is currently working on this issue.

               

              The current workaround would be to connect to the Log Insight using the IP first.

              This will assure that the Content will load, and after that you should be able to use the FQDN again.

               

              Hope that helps. Best Regards from Cork

               

              Benedikt

              • 4. Re: Problem with Loginsight Content Pack Markplace access
                ralish Enthusiast

                Just wanted to add a bit more detail here, which hopefully can be relayed to the relevant engineers if they're not already aware.

                 

                The underlying issue is a cross-site request to the GitHub API to retrieve details for the vmw-loginsight/vlcp repository. The request fails with a HTTP 401 (Unauthorized) response. Why that is I'm not sure; it appears to be some odd CORS handling on GitHub's end. As Benedikt notes, it works if the Origin request header is an IP address instead of a hostname, and if you send the request using curl but strip the scheme from the origin (e.g. "Origin: my.vrli.site") it also works.

                 

                More problematically:

                1. The request uses basic authentication to the GitHub API. That means the credentials are embedded into the application. I won't post them here, but embedding plain GitHub account credentials seems questionable, if not necessarily a security issue.
                2. Basic Authentication to the GitHub API is already deprecated and is going to be outright removed later this year. So if the request weren't already broken, it's certain to break later this year when using this authentication scheme becomes unsupported.