Hi Octopus Support,
The web interface continuously keeps requesting /api/tagsets/all when a deployment target is not present anymore in the network. Even when it is “unavailable” or “disabled”, these requests stream out of the browser.
How did I get to this? I copied an entire Octopus setup from a previous installation on a different network and -of course- copied the deployment targets along with it. Then I opened up the browser to inspect the setup. The targets were marked as “unavailable”, which is correct.
But in Internet Explorer it is not possible to delete these targets as the browser keeps requesting /api/tagsets/all requests. That locks the web interface. In Chrome it does the same but Chrome still allows you to work with the web interface while it also continuously keeps sending requests.
Switching off the deployment target is also not possible in IE, as that happens in the same web page as deleting the target. In Chrome, all actions are still possible despite the flow of requests in the background.
The /api/tagsets/all requests are responded to by 304s, btw. That may be the cause of the problem.
The requests are:
GET /api/tagsets/all HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Cookie: OctopusIdentificationToken_***=; Octopus-Csrf-Token_
HTTP/1.1 304 Not Modified
Cache-Control: private no-cache, no-store
Expires: Wed, 27 Mar 2019 10:18:35 GMT
Server: Octopus Deploy/ Microsoft-HTTPAPI/2.0
Content-Security-Policy: default-src ‘none’; connect-src ‘self’; font-src ‘self’; img-src data: https://www.gravatar.com ‘self’; script-src eval: inline: ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src inline: ‘self’ ‘unsafe-inline’; worker-src ‘self’; block-all-mixed-content; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals;
Octopus-Node: name=*********; version=2018.10.5
X-XSS-Protection: 1; mode=block
Date: Thu, 28 Mar 2019 10:18:34 GMT