
Comments (6)

mmatur commented on July 20, 2024

Hi @GiamBoscaro

Thanks for your issue.

Could you please provide us a simple reproducible use case without usage of the corporate proxy?

from traefik.

GiamBoscaro commented on July 20, 2024

> Hi @GiamBoscaro
>
> Thanks for your issue.
>
> Could you please provide us a simple reproducible use case without usage of the corporate proxy?

I will try to set up a working example without the proxy when I have time. Do you think it is something related to the corporate proxy? It is strange because no other service or website has this problem.
It would also be really great to know how Traefik is supposed to work; clearly understanding this would already be a big help for me: if I do not configure any CORS middleware in Traefik, should Traefik just forward the response headers coming from the backend service to the client, including CORS headers (in particular allow origin)?


GiamBoscaro commented on July 20, 2024

> Hi @GiamBoscaro
>
> Thanks for your issue.
>
> Could you please provide us a simple reproducible use case without usage of the corporate proxy?

Good morning, an update on the situation. I have done some testing with the corporate proxy, and I have figured out that my requests are NOT passing through the corporate proxy, since the domains that I am using are in the internal network. This means two things:

  1. It is Traefik that is rewriting the headers to lower case
  2. It must be Traefik that is somehow not forwarding the allow origins header in the response.

This is the response when CORS middleware is NOT set:

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,Accepts,Set-Cookie,Cookie,Range
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
alt-svc: h3=":443"; ma=2592000
date: Mon, 19 Feb 2024 09:21:00 GMT
vary: Origin
x-powered-by: Express

This is the response when CORS middleware is set:

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,Accepts,Set-Cookie,Cookie,Range
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://my-domain.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000
content-length: 0
date: Mon, 19 Feb 2024 09:24:35 GMT


kevinpollet commented on July 20, 2024

Hello @GiamBoscaro,

I tried to reproduce the issue with a Go backend and an Express one but without any success. The Access-Control-Allow-Origin header is not removed by Traefik and is forwarded as is to the Client (without using the CORS middleware in Traefik).

Could you please provide a reproducible use case to help us diagnose the issue?


Allypost commented on July 20, 2024

I had the same issue (docker image traefik:2.11).

It manifested for me when sending an OPTIONS request with access-control-request-method: OPTIONS and origin: https://ANYTHING headers.

Traefik would always respond with the following without ever forwarding the request to the application:

HTTP/1.1 200 OK
Access-Control-Max-Age: 0
Date: Thu, 18 Apr 2024 21:51:56 GMT
Content-Length: 0
Connection: close

When I removed the addVaryHeader: true option, requests were forwarded normally and I got the headers that my app generated.

Example with addVaryHeader: true enabled:

$ curl -sv https://my-domain.example.org \
  -X OPTIONS \
  --header 'access-control-request-method: OPTIONS' \
  --header 'origin: https://example.org'
...
> OPTIONS / HTTP/2
> Host: my-domain.example.org
> User-Agent: curl/8.7.1
> Accept: */*
> access-control-request-method: OPTIONS
> origin: https://example.org
>
* Request completely sent off
< HTTP/2 200
< access-control-max-age: 0
< content-length: 0
< date: Thu, 18 Apr 2024 21:56:38 GMT
<
* Connection #0 to host my-domain.example.org left intact

Example response from my app with the addVaryHeader removed from the configuration:

$ curl -sv https://my-domain.example.org \
  -X OPTIONS \
  --header 'access-control-request-method: OPTIONS' \
  --header 'origin: https://example.org'
...
> OPTIONS / HTTP/2
> Host: my-domain.example.org
> User-Agent: curl/8.7.1
> Accept: */*
> access-control-request-method: OPTIONS
> origin: https://example.org
>
* Request completely sent off
< HTTP/2 204
< access-control-allow-credentials: true
< access-control-allow-headers: *
< access-control-allow-methods: OPTIONS
< access-control-allow-origin: https://example.org
< date: Thu, 18 Apr 2024 22:01:53 GMT
< permissions-policy: interest-cohort=()
< referrer-policy: no-referrer-when-downgrade
< vary: Origin, Access-Control-Request-Method
...

I don't know whether this is the only situation, but replacing OPTIONS with GET (both method and header) works like it should.

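A check for the symptom reported in the comment above, as an added example that is not part of the thread or of Traefik: it reads a saved `curl -sv` trace and reports whether the preflight response carries `Access-Control-Allow-Origin` for the origin that was sent. The function name and verdict strings are made up for illustration, and the two traces are abridged from the curl runs quoted above.

```sh
# Added example (not from the thread): classify a `curl -sv` preflight trace on stdin.
preflight_verdict() {
  tr -d '\r' | awk '
    /^> / { side = "req" }       # curl prefixes request lines with ">"
    /^< / { side = "res" }       # and response lines with "<"
    !/^[<>] / { next }           # skip "*" info lines and bare markers
    {
      line = substr($0, 3)
      i = index(line, ":")
      if (i == 0) next           # request line or status line
      name = tolower(substr(line, 1, i - 1))   # header names are case-insensitive
      value = substr(line, i + 1)
      sub(/^[ \t]+/, "", value)
      h[side ":" name] = value
    }
    END {
      if (!("req:origin" in h) || !("req:access-control-request-method" in h)) {
        print "not-a-preflight"; exit
      }
      if (!("res:access-control-allow-origin" in h)) {
        print "answered-without-allow-origin"; exit
      }
      acao = h["res:access-control-allow-origin"]
      if (acao == "*" || acao == h["req:origin"]) print "allow-origin-present"
      else print "allow-origin-mismatch"
    }'
}
# Traces abridged from the two curl runs in the comment above.
trace_with_add_vary_header() {
  cat <<'EOF'
> OPTIONS / HTTP/2
> access-control-request-method: OPTIONS
> origin: https://example.org
< HTTP/2 200
< access-control-max-age: 0
< content-length: 0
EOF
}
trace_without_add_vary_header() {
  cat <<'EOF'
> OPTIONS / HTTP/2
> access-control-request-method: OPTIONS
> origin: https://example.org
< HTTP/2 204
< access-control-allow-origin: https://example.org
< vary: Origin, Access-Control-Request-Method
EOF
}
trace_with_add_vary_header | preflight_verdict     # answered-without-allow-origin
trace_without_add_vary_header | preflight_verdict  # allow-origin-present
```

To run it against a live endpoint, pipe `curl -sv ... 2>&1` into `preflight_verdict`, since curl writes the trace to stderr.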

maietta commented on July 20, 2024

Bump!

Setting the ORIGIN in my Dockerfile re-establishes this missing header, which patches my issue for now.

I'd love to see more attention on this issue.

