CORS error achieved when token requested

By: Abdur Rafey Masood user 02 Aug 2021 at 8:07 a.m. CDT

6 Responses
Abdur Rafey Masood gravatar
## Expected Behaviour The app must redirect to gluu's login screen when tried to login to web application, which responds with the authorization_code and then a new request to get the token is sent. ## Actual Behaviour The /token endpoint is giving the cors error while the /userinfo /authorize or /.well-known endpoints are all returning cors headers. The token request fails with a CORS error `Access to XMLHttpRequest at 'https://mygluu.poc.com/oxauth/restv1/token' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.` https://ibb.co/X50dWTP ## Examples Have tried changing the cors configuration in gluu. https://ibb.co/G5JCC5G is the current configuration that has been specified for gluu CORs section. Do any changes need to be made to the configuration file in order to mitigate the cors error.
Gluu 4.2.3 Ubuntu 20.04
closed

Answers

By Keyse Omar user 02 Aug 2021 at 10:47 a.m. CDT

Copy
Keyse Omar gravatar
I am also working with Rafey on this, we are using a kubernetes cluster to host gluu with a couchbase backend, we have tried to update the cors filters as stated in the documents and tried to replicate a "restart" of the oxauth pod by scalling the replicas to 0 then back up [kubectl scale deployment oxauth --replicas=0 -n gluu] this resulted in no change. Updating the cors filter via UI seems to do nothing for us, and the corsAllowedOrigins default value being a wildcard doesn't seem to be accurate as well. Any advice is appreciated!

By Mohammad Abudayyeh staff 04 Aug 2021 at 9:32 a.m. CDT

Copy
Mohammad Abudayyeh gravatar
Hi Abdur, 1. Open Couchbase GUI 1. Go to Buckets then `gluu` bucket and hit on Documents. 1. Look for the oxauth configuration key and open it. Check if the cors settings there was changed to what you updated. You may run a query as below in Couchbase and check if the cors settings has changed: ``` select * from `gluu` USE KEYS 'configuration_oxauth' ```

By Keyse Omar user 04 Aug 2021 at 10:30 a.m. CDT

Copy
Keyse Omar gravatar
Hi Mohammad, I have checked via the Couchbase UI and the configuration shown on the document reflects what we have updated it to on the UI correctly.

By Mohammad Abudayyeh staff 04 Aug 2021 at 10:40 a.m. CDT

Copy
Mohammad Abudayyeh gravatar
Ok so that leaves out the nginx configuration. Please read over this section https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#enable-cors and add the annotations you want to the ingress you want to pass cors so that would be oxauth base ingress. You can add the annotations via a straight edit . In our helm setup we allow you to add additional annotations per ingress but for testing go ahead and edit and add the annotations : ``` kubectl edit ing <ingress name> -n namespace ```

By Keyse Omar user 04 Aug 2021 at 11:17 a.m. CDT

Copy
Keyse Omar gravatar
This has solved our problem now thank you, we updated the Ingress Yaml via `kubectl edit -n gluu ingress -o yaml` and added this annotation to the oxauth Ingress: `nginx.ingress.kubernetes.io/enable-cors: "true"` Thanks a lot for the help! Am I correct in assuming future cors configuration will have to be applied in this way rather than using the UI configuration?

By Mohammad Abudayyeh staff 04 Aug 2021 at 11:40 a.m. CDT

Copy
Mohammad Abudayyeh gravatar
It needs to be applied in both actually. OxAuth needs to allow it and nginx ingress controller needs to pass it so just keep them enabled and you should be good to go. Thanks, Mohammad

Post an answer