401 Unauthorized when calling /v1/statement from custom Trino UI at /ui/query

[iilrgmv]

Description:

I'm building a custom Trino UI served at /ui/query instead of the default /query path. The interface works, but any attempt to run a query results in a 401 Unauthorized response from the /v1/statement endpoint.

What I did:

I modified WebUiStaticResource.java to serve my custom frontend from /ui/query.

The frontend makes a POST request to /v1/statement when executing a SQL query.

I ensured the backend is reachable and that the request is correctly formed.

Problem:

When calling /v1/statement, the server responds with a 401 Unauthorized even though the user is logged in via the web UI. I suspect the issue might be related to authentication context not being preserved when calling from /ui/query.

Suspected causes:

The @ResourceSecurity(AUTHENTICATED_USER) annotation on /v1/statement requires a valid session/cookie, which might not be included in requests from /ui/query.

Cookies may be blocked or not sent due to SameSite, Secure, or cross-origin/browser constraints.

The frontend may be missing credentials: "include" in the request or headers like Authorization or X-Trino-User.

Request:

Could you confirm if calling /v1/statement from a custom UI path like /ui/query is expected to work out-of-the-box?
If not, what are the required headers, cookies, or settings needed to allow authenticated queries from a custom UI route?

[mbaeuerle]

I have the same issue but without altering the endpoint at /query. Still I get 401, and after checking the network requests in the Browser I saw no Authorization header is sent in the POST request from the query UI to the backend at all. Not sure if there is something to configure to make Authentication with the backend work?