Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS error when accessing METABASE through kong and keycloak #13899

Open
1 task done
iilr-g opened this issue Nov 20, 2024 · 2 comments
Open
1 task done

CORS error when accessing METABASE through kong and keycloak #13899

iilr-g opened this issue Nov 20, 2024 · 2 comments

Comments

@iilr-g
Copy link

iilr-g commented Nov 20, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Kong version ($ kong version)

I'm using kong:2.8.5-alpine with the OIDC plugin provided by Nokia (https://github.com/nokia/kong-oidc)

Current Behavior

My current scenario is a Service Provider (Metabase) which has to be accessed once the user has been authenticated via keycloak. The main point and particularity is that, given that the authentication by keycloak is a must to provide access to Metabase, the authentication is not passed to Metabase (I'm not using key auth plugin), so the user will be allowed to access the Metabase service and then she/he will need to provide credentials in the Metabase login page to access.

So everything is working as expected: I try to access /metabase through kong, and it redirects to keycloak. I give the credentials, then APPARENTLY I'm redirected to metabase. The point is that when the browser is trying to download some resources from metabase, it gives CORS error, and some errors through the console like:

Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'

Note that also I was expecting to be fully in metabase when the previous authentication with keycloak was performed, but I still see some redirects with this path:

http://keycloak-idb:9092/realms/MetabaseConnect/protocol/openid-connect/auth?scope=openid&nonce=7e666b6c4c16668db3a7a967b6570482&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fmetabase%2Fapp%2Ffonts%2FLato%2Flato-v16-latin-regular.woff2%2F&response_type=code&state=1d6b58c6971f333df8dd405f002c7f14&client_id=kong

when trying to download the resources, which is also something I don't fully understand, as once the authentication is completed kong should just let the requests flow between the browser and metabase, not involving keycloak again unless the token is expired (which is definitely not the case).

Thanks beforehand

Expected Behavior

explained before

Steps To Reproduce

Anything else?

no
@xianghai2
Copy link

The recommendation is to use Kong version 3.8 .

@iilr-g
Copy link
Author

iilr-g commented Nov 21, 2024

The recommendation is to use Kong version 3.8 .

Even changing the kong version to 3.8.0 the error remains the same

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xianghai2 @iilr-g