Brozwer support for API, getting error on option and post methods

@curt Thanks for fix with version 0.81.0
I m getting one more issue,
when i have backend api request is 301 Moved Permanently (from service worker), it should still use backend url, but somehow browzer is replacing that with frontend url.
i dont have this issue in Ziti edge desktop, it happens only via browzer.

I'll take a look today.

I have fixed in my api app, But this logic also needs to be handled in browzer.

Vinoth, please give ghcr.io/openziti/ziti-browzer-bootstrapper:pr353.842 a try when you have a moment. I believe it should resolve the redirect issue you mentioned. If so, let me know, and I will then release it.

@curt Sure let me test sometime today need to revert back the code. currently im testing something else. Probably by tomorrow will test this. Meanwhile when i access browzer app i get wss router connection timeout frequently, how to fix this or increase it?

Hi Vinoth.

I experience intermittent errors when I hit your app. For example, I sometimes see the following:

But if I enter the URL https://ziti-router-wss.aly-dev.com/ws into Chrome so I can see the CERT, the CERT looks fine, like this:

Since you are running a K8S env, I am curious if it's possible that you have more than one router set up, and the ingress to your env sometimes goes to a correctly configured wss-router, and sometimes it goes to an incorrectly configured wss-router.

i have only one router pod running. this issue is happening only with websocket router, does that mean i need to configure to increase some time out?


how to get rid of this prompt?

@curt Do u know how to fix to not to prompt to select a certificate on browzer?

Some background:

The ZBR hits the Controller's /edge/client API over HTTPS. The controller's TLS handshake currently requires a cert from the client. Turns out that this operation is superfluous because 1) it doesn't matter what cert you select and 2) the controller will completely ignore whatever cert you select and then proceed to process the API request.

I believe the best way to eliminate this client-side prompt is for the Ziti team to update the Controller so that it doesn't require a client cert during TLS handshakes on its /edge/client API.

Perhaps @andrew.martinez can chime in on this.

Oh, So this is known stuff which will always prompt and need to cancel as part of application usage, which looks scarry right for end user?

I do not disagree. The UX here is sub-optimal and needs to be addressed. The ZBR cannot control this, hence my hint that the Controller be modified.

btw, this behavior doesn't happen on every browser and/or form factor.

Hi Vinoth. The pr353.842 branch has been pending for almost a week without feedback. I will move ahead and release it as part of 0.81.2. Once that release is out, please try it, and then keep me posted on your findings.