Ad Widget

Collapse

Zabbix API requests with JS from the browser are not working (Not authorized)

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • vsergione
    Junior Member
    • Oct 2023
    • 28
    #1

    Zabbix API requests with JS from the browser are not working (Not authorized)

    Hello,

    I am facing a very strange issue. I am developing some scripts with JavaScript which make use of the Zbx API to extract or update data. For a while they were working fine, but since recently I am facing a critical issue that all the API requests fail with this error:
    Code:
    {
   "jsonrpc": "2.0",
   "error": {
      "code": -32602,
      "message": "Invalid params.",
      "data": "Not authorized."
   },
   "id": 1
}
    The scripts are embedded in a webpage which is then executed in the browser. Now the really weird part is that the same API request executed with CURL or with Postman is working without any problems.
    My scripts were using initially the JQuery Ajax methods to send the request but I've tried also with the JS Fetch API and the result is the same.

    I am pretty sure the requests are correctly build.

    And to give an example:
    Request header:
    Code:
    POST /zabbix/api_jsonrpc.php HTTP/2
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:5050/
Content-Length: 73
Origin: http://localhost:5050
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
Content-Type: application/json
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Pragma: no-cache
Cache-Control: no-cache​
    Request body:
    Code:
    {
   "jsonrpc": "2.0",
   "method": "host.get",
   "id": 1,
   "params": {
   "output": "extend"
   }
}​
    Any clues?? Eventually, could you suggest how to troubleshoot the API requests on the server side?

    Tags: api, javascript, web browser
    • vsergione
      Junior Member
      • Oct 2023
      • 28
      #2
      I found the problem and I've thought to share it with the community.

      What I've missed to say in the initial post was that at some point I've changed the browser which I was using to run the script and that was the moment the problem started.

      Initially I have thought that, what a heck? there should be no differences in the HTTP client between the browsers and the Curl or Postman. But upon comparing the Request headers I've found the issue: as you can see in the Request header given in the failed request example, the request is using HTTP/2 (see the 1st line: POST /zabbix/api_jsonrpc.php HTTP/2), while in the successful cases (Curl, Postman and the old browser) it was using HTTP1.1. Normally I was not expecting for this to make a difference. But it seems that there is some misconfiguration on the server hosting the API which somehow fails to process correctly the HTTP/2 requests.

      My solution to this problem was to disable HTTP/2 on the client side, so all requests are made using HTTP1.1. If using Firefox this can be done this way: type in the address bar about:config, click on the accept the risk and continue and search for network.http.http2.enable and set it to false.

        Comment

        Previous template Next
        Working...