Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS issue with Traefik and Authenik #469

Open
adrianmace opened this issue Nov 24, 2024 · 1 comment
Open

CORS issue with Traefik and Authenik #469

adrianmace opened this issue Nov 24, 2024 · 1 comment

Comments

@adrianmace
Copy link

Describe the bug
I am running both the frontend and backend via Traefik reverse proxy which has a middleware authentik configured. When running in this configuration, I get the following CORS error on the console and the frontend loads, but cannot communicate with the backend:

Access to internal resource at 'https://auth.example.com/application/o/authorize/?client_id=1crzd0dn3ROBzwSpYEFeIBYmRtqrtEl5Zkvyc0BI&redirect_uri=https%3A%2F%2Fauth.example.com%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+openid+profile+ak_proxy&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnb2F1dGhlbnRpay5pby9vdXRwb3N0LzFjcnpkMGRuM1JPQnp3U3BZRUZlSUJZbVJ0cXJ0RWw1Wmt2eWMwQkkiLCJzaWQiOiI1RkU3NVZNUklJR1NTN0c3UkdRR1pJNUdSWEsyVkwzQUABCDEFABCDEFExCUFZYNk9BIiwic3RhdGUiOiJxZHlOdG80UEF4ajhxOUhuY1FVdEpaQlA5MWt6UEk3Slp5dTJZUWprbVBNIiwicmVkaXJlY3QiOiJodHRwczovL2lwdHYuZ3AubWFjZS5hdS9tYW5pZmVzdC53ZWJtYW5pZmVzdCJ9.z1EjxOtj5L1dy-BexgWlfosBqgMf_u573vOvd5ZAPHI' (redirected from 'https://iptv-frontend.example.com/manifest.webmanifest') from origin 'https://iptv-frontend.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have tried to inject the Access-Control-Allow-Origin: '*' header on the frontend responses, backend responses, and authentik responses all without success to resolving this. Would love to get a second set of eyes.

@adrianmace
Copy link
Author

Update, injecting the Access-Control-Allow-Origin: '*' header in to the Authentik domain does resolve the CORS issue, but the manifest.webmanifest file now returns empty with the following error:

No content available because this request was redirected

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant