This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Years old static website getting unauthenticated on bucket backend

Posted Friday
stuisme
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I have been running a static React SPA site for a couple years on GCP using the setup below. Recently I started receiving an unauthenticated message coming from the bucket. Interestingly it seems to only be during a handshake where `access_token` is the query string and started about 25% of the time, now its more like 75% of the time it fails.

I am wondering what changed or what the setup needs to be? 

Setup:

  1. GCS Bucket with `allUser` being an Storage Object Viewer
  2. GCS Bucket settings has the 404 page set the index.html (for SPA routing)
  3. Load balancer (classic) with a the bucket as a backend.
  4. SSL Frontend on the load balancer


The error message:

 

 

<Error>
  <Code>AuthenticationRequired</Code>
  <Message>Authentication required.</Message>
</Error>

 

Things I have done to troubleshoot:
  • Loaded other static assets (not the index with the access_token param) with no problem. Images, javascript, css, favicon, etc 
  • Did a lot of digging on the request logs from the LB and all the failed entries are similar to this
    {
  severity: "WARNING",
  httpRequest: {
    cacheLookup: true
    latency: "0.016666s"
    referer: "https://----------/"
    remoteIp: "-------"
    requestMethod: "GET"
    requestSize: "648"
    requestUrl: "https://-------/?access_token=----------"
    responseSize: "253"
    status: 401
    userAgent: "--- Chrome/136.0.0.0"
  },
  jsonPayload: {
    @type: "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry"
    backendTargetProjectNumber: "-----"
    cacheDecision: [
      0: "REQUEST_CACHE_CONTROL_NO_CACHE"
      1: "RESPONSE_HAS_CACHE_CONTROL"
      2: "RESPONSE_CACHE_CONTROL_DISALLOWED_CACHING"
      3: "RESPONSE_HAS_EXPIRES"
      4: "RESPONSE_HAS_CONTENT_TYPE"
      5: "CACHE_MODE_CACHE_ALL_STATIC"
    ]
    cacheId: "----"
    remoteIp: "----"
    statusDetails: "response_sent_by_backend"
  }
}

  • Search through cloudaudit activity log for the protoPayload.serviceName="storage.googleapis.com" and see no changes on buckets
  • Ensured `allUsers` permission was still set to "Storage Object Viewer" on the buckets
  • verified in the storage docs that it does not accept `access_token` as a query string param in case there is some new collision

Any thoughts or ideas?

Solved Solved
0 1 49
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
stuisme
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

well over the last 48 hours it has started happening on 4 different static sites, i redeployed them to cloudflare....

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
stuisme
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

well over the last 48 hours it has started happening on 4 different static sites, i redeployed them to cloudflare....

Jump to Solution
0 Likes
Top Labels in this Space
Top Solution Authors
View all