  1. Help-Desk
  2. HELP-22985

[fiware-stackoverflow] CORS issue with Keyrock GE in Fiware: POST requests for logging in users work, but CORS error occurs with other requests

    Details

      Description

      Created question in FIWARE Q/A platform on 13-04-2024 at 13:04
      Please, ANSWER this question AT https://stackoverflow.com/questions/78320508/cors-issue-with-keyrock-ge-in-fiware-post-requests-for-logging-in-users-work-b

      Question:
      CORS issue with Keyrock GE in Fiware: POST requests for logging in users work, but CORS error occurs with other requests

      Description:
      I configured the Keyrock Generic Enabler (GE) in Fiware to enable Cross-Origin Resource Sharing (CORS). While POST requests for logging in users function correctly without CORS issues, attempting different requests such as creating users results in a CORS error.
      Docker-compose config for Keyrock:
      version: "3.8"
      services:
        orion-v2:
          image: quay.io/fiware/orion:${ORION_VERSION}
          hostname: orion
          container_name: fiware-orion
          depends_on:
            - mongo-db
          networks:
            default:
              ipv4_address: 172.18.1.9
          expose:
            - "${ORION_PORT}"
          ports:
            - "${ORION_PORT}:${ORION_PORT}" # localhost:1026
          command: -logLevel DEBUG -noCache -dbhost mongo-db -corsOrigin __ALL
          healthcheck:
            test: curl --fail -s http://orion:${ORION_PORT}/version || exit 1
            interval: 5s
          deploy:
            restart_policy:
              condition: on-failure
              delay: 60s
              max_attempts: 10

        iot-agent:
          image: fiware/iotagent-json
          hostname: iot-agent
          container_name: fiware-iot-agent
          depends_on:
            - mongo-db
            - orion-v2
          networks:
            default:
              ipv4_address: 172.18.1.100
          ports:
            - "${IOTA_NORTH_PORT}:${IOTA_NORTH_PORT}" # localhost:4041
            - "${IOTA_SOUTH_PORT}:${IOTA_SOUTH_PORT}" # localhost:7896
          environment:
            - IOTA_CB_HOST=orion-proxy
            - IOTA_CB_PORT=${ORION_PROXY_PORT} # port the context broker listens on to update context
            - IOTA_NORTH_PORT=${IOTA_NORTH_PORT}
            - IOTA_REGISTRY_TYPE=mongodb # Whether to hold IoT device info in memory or in a database
            - IOTA_LOG_LEVEL=DEBUG # The log level of the IoT Agent
            - IOTA_TIMESTAMP=true # Supply timestamp information with each measurement
            - IOTA_CB_NGSI_VERSION=v2 # use NGSIv2 when sending updates for active attributes
            - IOTA_AUTOCAST=true # Ensure Ultralight number values are read as numbers not strings
            - IOTA_MONGO_HOST=mongo-db # The host name of MongoDB
            - IOTA_MONGO_PORT=${MONGO_DB_PORT} # The port mongoDB is listening on
            - IOTA_MONGO_DB=iotagentjson # The name of the database used in mongoDB
            - IOTA_HTTP_PORT=${IOTA_SOUTH_PORT} # The port used for device traffic over HTTP
            - IOTA_PROVIDER_URL=http://iot-agent:${IOTA_NORTH_PORT}
            - IOTA_CB_NGSI_VERSION=v2
            - IOTA_AUTOCAST=true
            - IOTA_AUTH_ENABLED=true
            - IOTA_AUTH_TYPE=oauth2
            - IOTA_AUTH_HEADER=Authorization
            - IOTA_AUTH_HOST=keyrock
            - IOTA_AUTH_PORT=${KEYROCK_PORT}
            - IOTA_AUTH_URL=http://keyrock:${KEYROCK_PORT}
            - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
            - IOTA_AUTH_CLIENT_SECRET=tutorial-dckr-host-0000-clientsecret
            - IOTA_AUTH_PERMANENT_TOKEN=true
            - IOTA_AUTH_TOKEN_PATH=/oauth2/token
          healthcheck:
            interval: 5s
          deploy:
            restart_policy:
              condition: on-failure
              delay: 60s
              max_attempts: 10

        keyrock:
          image: quay.io/fiware/idm:${KEYROCK_VERSION}
          container_name: fiware-keyrock
          hostname: keyrock
          networks:
            default:
              ipv4_address: 172.18.1.5
          depends_on:
            - mysql-db
            - authzforce
          ports:
            - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
          environment:
            - DEBUG=idm:*
            - IDM_DB_HOST=mysql-db
            - IDM_DB_PASS_FILE=/run/secrets/my_secret_data
            - IDM_DB_USER=root
            - IDM_HOST=http://localhost:${KEYROCK_PORT}
            - IDM_PORT=${KEYROCK_PORT}
            - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
            - IDM_ADMIN_USER=alice
            - IDM_ADMIN_EMAIL=alice-the-admin@test.com
            - IDM_ADMIN_PASS=test
            - IDM_PDP_LEVEL=advanced
            - IDM_AUTHZFORCE_ENABLED=true
            - IDM_AUTHZFORCE_HOST=authzforce
            - IDM_AUTHZFORCE_PORT=${AUTHZFORCE_PORT}
            - IDM_CSP_FORM_ACTION=*
            - IDM_CORS_ENABLED=true
            - IDM_CORS_ORIGIN=*
            - IDM_CORS_METHODS=*
            - IDM_CORS_ALLOWED_HEADERS=*
            - IDM_CORS_CREDENTIALS=true
            - IDM_CORS_PREFLIGHT=true
            - IDM_CORS_EXPOSED_HEADERS=*
            - IDM_CORS_MAX_AGE=600
          secrets:
            - my_secret_data
          healthcheck:
            interval: 5s
          deploy:
            restart_policy:
              condition: on-failure
              delay: 60s
              max_attempts: 10

      I have configured CORS settings in the docker-compose file for Keyrock as follows:

      • IDM_CORS_ENABLED=true
      • IDM_CORS_ORIGIN=*
      • IDM_CORS_METHODS=*
      • IDM_CORS_ALLOWED_HEADERS=*
      • IDM_CORS_CREDENTIALS=true
      • IDM_CORS_PREFLIGHT=true
      • IDM_CORS_EXPOSED_HEADERS=*
      • IDM_CORS_MAX_AGE=600

      I expected these settings to allow all origins, methods, and headers, as well as credentials and preflight requests, to resolve the CORS issue. However, the error persists.
      These are the requests:
      Request for logging in users:
      curl -iX POST \
      'http://localhost:3005/v1/auth/tokens' \
      -H 'Content-Type: application/json' \
      -d '{
      "token": "d848eb12-889f-433b-9811-6a4fbf0b86ca"
      }'

      Request for creating user:
      curl -iX POST \
      'http://localhost:3005/v1/users' \
      -H 'Content-Type: application/json' \
      -H 'X-Auth-token: X-Auth-token' \
      -d '{
      "user": { "username": "alice", "email": "alice@test.com", "password": "test" }
      }'

      This is the CORS error:
      Access to fetch at 'http://{valid server-ip}:3005/v1/users' from origin 'http://{valid server-ip}:8989' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

      and this is the network tab of the request for creating users:
      [image]
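
      The wildcard CORS settings in the question, run through a simplified model of the browser's preflight check from the Fetch standard. This is an added example, not part of the original question and not Keyrock's code; the origin `http://app.example:8989` and every response header set passed to it are constructed samples.

```javascript
// Simplified model of the browser-side CORS preflight check (Fetch standard).
// All header sets fed to it are constructed samples, not captured Keyrock output.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into trimmed tokens.
const tokens = (v) => (v || "").split(",").map((t) => t.trim()).filter(Boolean);

// Origin/credentials check applied to the preflight and the actual response.
function originError(res, origin, withCredentials) {
  const acao = res["access-control-allow-origin"];
  if (acao === undefined) return "no Access-Control-Allow-Origin header";
  if (!withCredentials && acao === "*") return null;
  if (acao !== origin) return "origin not allowed"; // "*" lands here with credentials
  if (withCredentials && res["access-control-allow-credentials"] !== "true")
    return "Access-Control-Allow-Credentials is not true";
  return null;
}

// req: { origin, method, headers, withCredentials }; headers lists only the
// request header names that are not CORS-safelisted (e.g. a JSON Content-Type).
// res: lower-cased header map of the OPTIONS (preflight) response.
function checkPreflight(req, res) {
  const err = originError(res, req.origin, req.withCredentials);
  if (err) return { ok: false, reason: err };
  const wildcard = !req.withCredentials; // "*" is a literal token with credentials
  const methods = tokens(res["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.has(req.method) && !methods.includes(req.method) &&
      !(wildcard && methods.includes("*")))
    return { ok: false, reason: `method ${req.method} not allowed` };
  const allowed = tokens(res["access-control-allow-headers"]).map((h) => h.toLowerCase());
  for (const name of req.headers.map((h) => h.toLowerCase())) {
    // Authorization is never covered by "*"; it must be listed by name.
    const viaWildcard = wildcard && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard)
      return { ok: false, reason: `header ${name} not allowed` };
  }
  return { ok: true, reason: null };
}

// The create-user call from the question: JSON body plus a custom X-Auth-token header.
const createUser = (withCredentials) => ({
  origin: "http://app.example:8989", // constructed origin
  method: "POST", headers: ["Content-Type", "X-Auth-token"], withCredentials,
});
```

      Feeding it the headers from a real `OPTIONS` response (for instance the output of `curl -i -X OPTIONS` with `Origin` and `Access-Control-Request-Headers` set) shows which rule a given configuration trips.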

        Activity

        newbacklogmanager Backlog Manager added a comment -

        2025-02-04 17:51|CREATED monitor | # answers= 0, accepted answer= False

          People

          • Assignee:
            Unassigned
            Reporter:
            newbacklogmanager Backlog Manager