Headers are not applied

Shidooo · December 30, 2022, 9:45am

Hello, my headers are not applied but the dashboard is seems correct.

services:
  traefik:
    image: traefik:v2.7
    .........
    labels:
      - traefik.enable=true
     .......
      - traefik.http.middlewares.headers.headers.frameDeny=true
      - traefik.http.middlewares.headers.headers.browserXssFilter=true
      - traefik.http.middlewares.headers.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.headers.headers.forceSTSHeader=true
      - traefik.http.middlewares.headers.headers.contentSecurityPolicy=true
      - traefik.http.middlewares.headers.headers.accessControlAllowOriginList=https://mydomain.com
      - traefik.http.middlewares.headers.headers.accessControlAllowCredentials=true
    .......
    networks:
      - traefik-network

frontend:
    ...........
    labels:
      - traefik.enable=true
      .......
      - traefik.http.routers.frontend.middlewares=headers
    networks:
      - traefik-network

It seems that there are only a few that work (Access-control-allow-credentials: true)

By using online header checkers or checking by myself, headers seems not to be applied. I should see mydomain as CORS origin...

Screenshot_2

Thanks for helping

douglasdtm · December 30, 2022, 12:43pm

@Shidooo does the Origin header in the request matches the AllowOriginList?
https://mydomain.com in this case

Shidooo · December 30, 2022, 4:17pm

@douglasdtm

my backend and frontend are both on the same origin https://mydomain.com
and traefik is on https://traefik.mydomain.com
all on the same server

Does this answer your question?

Shidooo · January 4, 2023, 12:44pm

I still haven't found a solution, I tried to update traefik to version 3.0, the problem still exists.

bluepuma77 · January 4, 2023, 4:04pm

Have you tried adding @docker at the end? As the middleware is defined by provider.docker through the labels.

Shidooo · January 6, 2023, 9:03am

This does not seem to have changed. I still have some of my headers that don't show up as "accessControlAllowOriginList".

Shidooo · January 6, 2023, 9:07am

I believe that only the headers that are already generated by my services are propagated. But the ones I want to add through traefik are not added at all. Even if the interface indicates otherwise.

Any idea ?

Shidooo · January 21, 2023, 8:45pm

It's still not working.

rtribotte · January 23, 2023, 3:15pm

Hello @Shidooo,

Configuration-wise, everything seems ok.

my backend and frontend are both on the same origin https://mydomain.com
and traefik is on https://traefik.mydomain.com all on the same server
Does this answer your question?

Well, I fear that this is not really answering the question
I think @douglasdtm wanted to ask you if you did make sure that the request has the Origin header set to the correct value, can you double-check that?
Thanks!

thanawat · February 1, 2023, 3:23pm

I have problems as same as you. I try to upgrade the version but all problems still not working too.

Hello @ rtribotte

I think @douglasdtm wanted to ask you if you did make sure that the request has the Origin header set to the correct value, can you double-check that?

I double-checked the request with many different values all problems still not working.

thanawat · February 2, 2023, 7:40am

I switch to using customResponseHeaders - (ref.: docs) option like

...
- traefik.http.middlewares.cors.headers.customResponseHeaders.access-control-allow-origin=https://example.com
- traefik.http.middlewares.cors.headers.customResponseHeaders.access-control-allow-credentials=true
...

But this solution only supports one domain I hope will support soon.

LugaLee · September 20, 2023, 3:20am

Hi，Has this issue been resolved?