403 response from PG Admin #9129
Description
Describe the bug
This is linked to #8942 (sorry, I was away...).
Still the same issue with 4.9.7 (Docker image).
To Reproduce
SELECT
timestamp,
first_id
FROM first_id_imps
WHERE
timestamp > DATE_TRUNC('hour', NOW())
works
but
SELECT
timestamp,
first_id
FROM first_id_imps
WHERE
timestamp > DATE_TRUNC('hour', NOW())
ORDER BY timestamp DESC
get a 403 error
Expected behavior
A clear and concise description of what you expected to happen.
Error message
No error message on UI, 403 responses
{
"log": {
"version": "1.2",
"creator": {
"name": "WebInspector",
"version": "537.36"
},
"pages": [],
"entries": [
{
"_connectionId": "12897254",
"_initiator": {
"type": "script",
"stack": {
"callFrames": [
{
"functionName": "",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 89826
},
{
"functionName": "xhr",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 87822
},
{
"functionName": "ot",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 94937
},
{
"functionName": "_request",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 98099
},
{
"functionName": "request",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 96395
},
{
"functionName": "",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 98564
},
{
"functionName": "",
"scriptId": "165",
"url": "https://xxx.com/static/js/generated/vendor.others.js?ver=90700",
"lineNumber": 162,
"columnNumber": 66747
},
{
"functionName": "postExecutionApi",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 81908
},
{
"functionName": "startExecution",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 82898
},
{
"functionName": "",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 65810
},
{
"functionName": "m",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 65941
},
{
"functionName": "ne",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 66641
},
{
"functionName": "",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1719815
}
],
"parent": {
"description": "Promise.then",
"callFrames": [
{
"functionName": "",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1719803
}
],
"parent": {
"description": "Promise.then",
"callFrames": [
{
"functionName": "fireEvent",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1719693
},
{
"functionName": "M",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1362068
},
{
"functionName": "",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1719815
}
],
"parent": {
"description": "Promise.then",
"callFrames": [
{
"functionName": "",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1719803
}
],
"parent": {
"description": "Promise.then",
"callFrames": [
{
"functionName": "fireEvent",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1719693
},
{
"functionName": "",
"scriptId": "170",
"url": "https://xxx.com/static/js/generated/sqleditor.js?ver=90700",
"lineNumber": 0,
"columnNumber": 1266339
},
{
"functionName": "Oe",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 231604
},
{
"functionName": "He",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 231758
},
{
"functionName": "",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 251620
},
{
"functionName": "jr",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 251714
},
{
"functionName": "Nr",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 252127
},
{
"functionName": "",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 257552
},
{
"functionName": "cc",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 320640
},
{
"functionName": "Me",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 230737
},
{
"functionName": "Vr",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 253410
},
{
"functionName": "Qt",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 237831
},
{
"functionName": "Ut",
"scriptId": "163",
"url": "https://xxx.com/static/js/generated/vendor.react.js?ver=90700",
"lineNumber": 1,
"columnNumber": 237615
}
]
}
}
}
}
}
},
"_priority": "High",
"_resourceType": "xhr",
"cache": {},
"connection": "443",
"request": {
"method": "POST",
"url": "https://xxx.com/sqleditor/query_tool/start/7588973",
"httpVersion": "http/2.0",
"headers": [
{
"name": ":authority",
"value": "xxx.com"
},
{
"name": ":method",
"value": "POST"
},
{
"name": ":path",
"value": "/sqleditor/query_tool/start/7588973"
},
{
"name": ":scheme",
"value": "https"
},
{
"name": "accept",
"value": "application/json, text/plain, */*"
},
{
"name": "accept-encoding",
"value": "gzip, deflate, br, zstd"
},
{
"name": "accept-language",
"value": "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"
},
{
"name": "content-length",
"value": "137"
},
{
"name": "content-type",
"value": "application/json"
},
{
"name": "origin",
"value": "https://xxx.com"
},
{
"name": "priority",
"value": "u=1, i"
},
{
"name": "referer",
"value": "https://xxx.com/sqleditor/panel/7588973?is_query_tool=true&sgid=1&sid=1&did=17796&database_name=xxx"
},
{
"name": "sec-ch-ua",
"value": "\"Not;A=Brand\";v=\"99\", \"Google Chrome\";v=\"139\", \"Chromium\";v=\"139\""
},
{
"name": "sec-ch-ua-mobile",
"value": "?0"
},
{
"name": "sec-ch-ua-platform",
"value": "\"macOS\""
},
{
"name": "sec-fetch-dest",
"value": "empty"
},
{
"name": "sec-fetch-mode",
"value": "cors"
},
{
"name": "sec-fetch-site",
"value": "same-origin"
},
{
"name": "user-agent",
"value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"
},
{
"name": "x-pga-csrftoken",
"value": "abc"
}
],
"queryString": [],
"cookies": [],
"headersSize": -1,
"bodySize": 137,
"postData": {
"mimeType": "application/json",
"text": "{\"sql\":\"SELECT \\n\\ttimestamp,\\n\\tfirst_id\\nFROM first_id_imps\\nWHERE\\n\\ttimestamp > DATE_TRUNC('hour', NOW())\\nORDER BY timestamp DESC\"}"
}
},
"response": {
"status": 403,
"statusText": "",
"httpVersion": "http/2.0",
"headers": [
{
"name": "accept-ch",
"value": "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA"
},
{
"name": "cf-mitigated",
"value": "challenge"
},
{
"name": "cf-ray",
"value": "9794d029bf98d3af-CDG"
},
{
"name": "content-encoding",
"value": "br"
},
{
"name": "content-type",
"value": "text/html; charset=UTF-8"
},
{
"name": "critical-ch",
"value": "Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA"
},
{
"name": "cross-origin-embedder-policy",
"value": "require-corp"
},
{
"name": "cross-origin-opener-policy",
"value": "same-origin"
},
{
"name": "cross-origin-resource-policy",
"value": "same-origin"
},
{
"name": "date",
"value": "Wed, 03 Sep 2025 11:12:37 GMT"
},
{
"name": "nel",
"value": "{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}"
},
{
"name": "origin-agent-cluster",
"value": "?1"
},
{
"name": "permissions-policy",
"value": "accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()"
},
{
"name": "referrer-policy",
"value": "same-origin"
},
{
"name": "report-to",
"value": "{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R4pvEcqxqvksvhv5xVIcy6M9DWdbCxp6ZUXiC4qbESEnbEEc6lzeBh0OgtXs%2BBCllB9bCVPg1iJgmkoH1gmF0%2B5ar4mGuCustUxqC79otWPOaNl0\"}]}"
},
{
"name": "server",
"value": "cloudflare"
},
{
"name": "server-timing",
"value": "chlray;desc=\"9794d029bf98d3af\""
},
{
"name": "vary",
"value": "accept-encoding"
},
{
"name": "x-content-type-options",
"value": "nosniff"
},
{
"name": "x-frame-options",
"value": "SAMEORIGIN"
}
],
"cookies": [],
"content": {
"size": 4996,
"mimeType": "text/html"
},
"redirectURL": "",
"headersSize": -1,
"bodySize": -1,
"_transferSize": 4157,
"_error": null,
"_fetchedViaServiceWorker": false
},
"serverIPAddress": "1.1.1.1",
"startedDateTime": "2025-09-03T11:12:37.393Z",
"time": 14.867999940179288,
"timings": {
"blocked": 1.372999954238534,
"dns": -1,
"ssl": -1,
"connect": -1,
"send": 0.814,
"wait": 12.15000001718104,
"receive": 0.5309999687597156,
"_blocked_queueing": 0.788999954238534,
"_workerStart": -1,
"_workerReady": -1,
"_workerFetchStart": -1,
"_workerRespondWithSettled": -1
}
}
]
}
}
Screenshots
Check #8942
Desktop (please complete the following information):
- pgAdmin version: 4.7.9
- Package type: Container
Additional context
Add any other context about the problem here.
Metadata
Metadata
Assignees
Type
Projects
Status