client/web: #14822 breaks login on Unraid over HTTP #14872
Description
What is the issue?
After installing 1.80.0, Unraid clients can no longer log in through the web interface if the Unraid WebGUI is being accessed via HTTP. The Tailscale plugin presents the web client via CGI:
tailscale --socket=/var/run/tailscale/tailscaled.sock web -cgi -prefix=/plugins/tailscale/interface.php/
Clicking "Log in" results in the following message in the browser console:
Failed to load resource: the server responded with a status of 403 (Forbidden)
Details from the failed request:
Summary
URL: http://192.168.x.y/plugins/tailscale/interface.php/api/up
Status: 403 Forbidden
Source: Network
Address: 192.168.x.y:80
Initiator:
index-BbZBz4S-.js:52:18574
Request
POST /plugins/tailscale/interface.php/api/up HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 69
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Cookie: _gorilla_csrf=abcd; one=tab1; unraid_defg
Origin: http://192.168.x.y
Priority: u=3, i
Referer: http://192.168.x.y/plugins/tailscale/interface.php/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15
X-CSRF-Token: ----==
Response
HTTP/1.1 403 Forbidden
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Date: Sun, 02 Feb 2025 19:24:15 GMT
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
Request Data
MIME Type: application/x-www-form-urlencoded;charset=UTF-8
csrf_token: -----
ts_data: {"Reauthenticate":true}
Steps to reproduce
- Log in to Unraid WebGUI via HTTP.
- Click "Login" button on Tailscale web client embedded in the Unraid WebGUI.
Are there any recent changes that introduced the issue?
OS
Other
OS version
Unraid 7.0.0
Tailscale version
1.80.0
Other software
No response
Bug report
N/A