I'm trying to replace nginx with Treafik 2 in my docker-compose, but my Frontend can't communicate with the Backend. And I'm not sure why and what I'm missing. It looks like that headers defined in backbend doesn't got forwarded. But I'm not a HTTP expert, I'm not sure how it works in detail.
If my frontend trys to communicate to the Backend, I got this Warning in the Firefox console and 404 Not Found in request.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my-backend.foobar.com/apiCall. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Here are my latest configs that I've tried.
traefik_dynamic.toml
Yes, the frontend is an Angular application and backend is an Spring Boot application. What I know is, that we have explicit enabled CORS with "*" as origin in our Rest Controllers for responses. And it looks like that exactly this part doesn't comes through traefik.
Ah yes, now my OPTIONS requests return 200 but following GET requests are still blocked with this messages:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my-backend.foobar.com/apiCall. (Reason: missing token 'authorization' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel).
followed by
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my-backend.foobar.com/apiCall. (Reason: CORS request did not succeed).
I just wonder, what it the different between nginx and traefik in this part.
The only settings that I made in nginx are:
Frontend:
Does nobody has a solution for me? Am I really the only one with such a problem?
It's really sad, I was very excited about traefik and wanted to use it in the company. But this issue is the deal breaker.
If your backend is handling the cors responses, then you probably don't want Traefik interfering with them.
If you configure cors headers within Traefik, the preflights will be intercepted, and Traefik will overwrite headers from the backend, which is probably not what you want.
The error you are getting:
Reason: missing token 'authorization' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel
Is because you have not configured any 'Access-Control-Allow-Headers' in your configuration, and therefore, the authorization header is not specified in the preflight.
thank you for your reply. I would like to keep Traefik out of the way and let him to just pass anything through as is it. But like I tried to describe my problem in the first post, but for some reason if I use traefik with pretty basic settings, I got the problem that you can see here:
Thank you for the answer @daniel.tomcej.
Well, with curl I got another problem. At least I think that it's another problem.
curl -v https://my-frontend.foobar.com
* Rebuilt URL to: https://my-frontend.foobar.com/
* Trying X.X.X.48...
* TCP_NODELAY set
* Connected to my-frontend.foobar.com (X.X.X.48) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
The reason I was trying to see what headers are being sent by your frontend without dealing with the browser overhead.
Forwarded to where?
Is your frontend container making a request to your backend container?
Is it your application in the browser that is making a request to your backend container via Traefik?
You mention that your frontend is setting CORS headers, but in your Traefik configuration above, you are setting them on the backend. Can you give us a little bit more information?
If I can't see what the request without Traefik and the request with Traefik look like, it will be very difficult to debug where the issue stems from.
@daniel.tomcej thank you for your replay.
It's the other way around. The Backend should set his own headers (response headers).
Actually I can't really work with curl, because it needs a keycloak authentication.
But here I got headers out of firefox network tool.
Here is a working OPTIONS request to Backend out of Browser by the frontend (ajax):
Request headers:
HTTP/2.0 404 Not Found
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
content-length: 19
date: Mon, 07 Oct 2019 06:48:37 GMT
X-Firefox-Spdy: h2
And here is again the Error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my-backend.foorbar.com/backend-api. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
@numToStr In this case the analysis above should also apply to you. 404 coming from the back end generally means that the server application did not recognise resource requested.