Calling API service receives no-referrer-when-downgrade

softshipper · August 24, 2020, 8:51am

Hi all
I have the following scenario:

A webapp that makes requests to REST SVC and secured through Keycloak
A REST SVC also secured through Keycloak and listen on port is 8080
A running Keycloak instance

Every services run on Kubernetes.

When calling REST SVC from the browser, I’ve got Referrer-Policy: no-referrer-when-downgrade and I haven’t figured out, why.

The REST SVC resource file:

---
# Source: svc/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: user-svc
  labels:
    helm.sh/chart: svc-0.1.0
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
---
# Source: svc/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-svc
  labels:
    helm.sh/chart: svc-0.1.0
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: svc
      app.kubernetes.io/instance: user-svc
  template:
    metadata:
      labels:
        app.kubernetes.io/name: svc
        app.kubernetes.io/instance: user-svc
    spec:
      imagePullSecrets:
        - name: regcred
      containers:
        - name: user-svc
          image: "hub.example.io/svc/user-svc:0.1.17"
          imagePullPolicy: IfNotPresent
          env:          
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: example.example-users-db.credentials.postgresql.acid.zalan.do
                  key: "username"
            - name: DB_PW
              valueFrom:
                secretKeyRef:
                  name: example.example-users-db.credentials.postgresql.acid.zalan.do
                  key: "password"
            - name: DB_URL
              valueFrom:
                configMapKeyRef:
                  name: example-users-db-url
                  key: "db_url"
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {}
---
# Source: svc/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: user-svc
  labels:
    helm.sh/chart: svc-0.1.0
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  tls:
    - hosts:
        - "dev.user.svc.example.io"
      secretName: dev-cert-staging
  rules:
    - host: "dev.user.svc.example.io"
      http:
        paths:
          - path: /
            backend:
              serviceName: user-svc
              servicePort: 80

According to doc Referrer Policy, I have to change the service port to 443 to make it works. However I am quit not sure.

Thanks

Topic		Replies	Views
Api complains no-referrer-when-downgrade with Keycloak	0	998	July 13, 2020
Keycloak in Kubernetes / Openshift Configuring the server	2	1213	April 15, 2020
Keycloak 19.0.2, lua-resty-openidc and invalid_request Getting advice authentication , oidc	7	3012	September 28, 2022
How to call keycloak protected rest api from front end	4	4007	October 19, 2020
Deploy Production Mode Keycloak 21.1.1 on Azure Kubernetes Multinode Configuring the server	0	946	June 16, 2023

Calling API service receives no-referrer-when-downgrade

Related Topics