Single API endpoint returning 404

smaddock · March 8, 2022, 10:24pm

I’m receiving a 404 when trying to access the /sys/config/ui endpoint as documented here: /sys/config/ui - HTTP API | Vault by HashiCorp

I’m authing with a root token
I can access other core API endpoints, such as /sys/config/state and /sys/health without issue.
I’m using Vault v1.9.4
I saw one reference to /sys/config-ui (hyphen instead of slash) and tried that as well to no avail
This doesn’t appear to be an enterprise-only endpoint
The UI is enabled in the config file

Example requests:

curl -X "LIST" "http://...:8200/v1/sys/config/ui/headers" \
     -H 'X-Vault-Token: ...'

curl "http://...:8200/v1/sys/config/ui/headers/Strict-Transport-Security" \
     -H 'X-Vault-Token: ...'

The response body is {"errors":[]} whereas it would normally return more info like unsupported path or operation not permitted, so it seems to be recognizing the path but something else is going on. However I can’t find any mention of trouble with this endpoint online or in these forums so hoping someone can help.

aram · March 9, 2022, 9:56am

$ vault list sys/config/ui/headers
No value found at sys/config/ui/headers
$ curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/sys/config/ui/headers?list=true
{"errors":[]}
$ cat payload.json 
{
  "values": ["custom value 1", "custom value 2"]
}
$ curl \
>     --header "X-Vault-Token: $(vault print token)" \
>     --request POST \
>     --data @payload.json \
>     http://127.0.0.1:8200/v1/sys/config/ui/headers/X-Custom-Header
{"request_id":"fb8d3646-cd96-bb48-12df-6dcea21294ed","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":null,"auth":null}
$ vault list sys/config/ui/headersKeys
----
X-Custom-Header

smaddock · March 9, 2022, 11:47am

Thanks for the response, which shows an empty response is to be expected if no custom headers have been set.

However, there clearly are default headers, which various docs and tutorials reference this endpoint to discover if not in the Vault configuration file. If those references are incorrect, where can I find what the default headers are?

aram · March 9, 2022, 1:51pm

That’s “Extra” header, not default headers.
Do a query and capture the request if you need the actual required/default headers.

smaddock · March 9, 2022, 2:55pm

Sure, that’s what I was doing which led me down this path. It’s just confusing and a little frustrating as a new Vault user when the documentation and tutorials are wrong.

Regardless, thanks for clearing it up for me @aram.