Details
- Type: Monitor
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: FIWARE-TECH-HELP
- HD-Chapter: Unknown
- HD-Enabler: Unknown
- HD-Node: Unknown
Description
Created question in FIWARE Q/A platform on 13-04-2024 at 13:04
Please, ANSWER this question AT https://stackoverflow.com/questions/78320508/cors-issue-with-keyrock-ge-in-fiware-post-requests-for-logging-in-users-work-b
Question:
CORS issue with Keyrock GE in Fiware: POST requests for logging in users work, but CORS error occurs with other requests
Description:
I configured the Keyrock Generic Enabler (GE) in Fiware to enable Cross-Origin Resource Sharing (CORS). While POST requests for logging in users function correctly without CORS issues, attempting different requests such as creating users results in a CORS error.
Docker-compose config for Keyrock:
```yaml
version: "3.8"
services:
  orion-v2:
    image: quay.io/fiware/orion:$
    hostname: orion
    container_name: fiware-orion
    depends_on:
      - mongo-db
    networks:
      default:
        ipv4_address: 172.18.1.9
    expose:
      - "${ORION_PORT}"
    ports:
      - "${ORION_PORT}:${ORION_PORT}" # localhost:1026
    command: -logLevel DEBUG -noCache -dbhost mongo-db -corsOrigin __ALL
    healthcheck:
      test: curl --fail -s http://orion:${ORION_PORT}/version || exit 1
      interval: 5s
    deploy:
      restart_policy:
        condition: on-failure
        delay: 60s
        max_attempts: 10
  iot-agent:
    image: fiware/iotagent-json
    hostname: iot-agent
    container_name: fiware-iot-agent
    depends_on:
      - mongo-db
      - orion-v2
    networks:
      default:
        ipv4_address: 172.18.1.100
    ports:
      - "${IOTA_NORTH_PORT}:${IOTA_NORTH_PORT}" # localhost:4041
      - "${IOTA_SOUTH_PORT}:${IOTA_SOUTH_PORT}" # localhost:7896
    environment:
      - IOTA_CB_HOST=orion-proxy
      - IOTA_CB_PORT=${ORION_PROXY_PORT} # port the context broker listens on to update context
      - IOTA_NORTH_PORT=${IOTA_NORTH_PORT}
      - IOTA_REGISTRY_TYPE=mongodb # Whether to hold IoT device info in memory or in a database
      - IOTA_LOG_LEVEL=DEBUG # The log level of the IoT Agent
      - IOTA_TIMESTAMP=true # Supply timestamp information with each measurement
      - IOTA_CB_NGSI_VERSION=v2 # use NGSIv2 when sending updates for active attributes
      - IOTA_AUTOCAST=true # Ensure Ultralight number values are read as numbers not strings
      - IOTA_MONGO_HOST=mongo-db # The host name of MongoDB
      - IOTA_MONGO_PORT=${MONGO_DB_PORT} # The port mongoDB is listening on
      - IOTA_MONGO_DB=iotagentjson # The name of the database used in mongoDB
      - IOTA_HTTP_PORT=${IOTA_SOUTH_PORT} # The port used for device traffic over HTTP
      - IOTA_PROVIDER_URL=http://iot-agent:${IOTA_NORTH_PORT}
      - IOTA_CB_NGSI_VERSION=v2
      - IOTA_AUTOCAST=true
      - IOTA_AUTH_ENABLED=true
      - IOTA_AUTH_TYPE=oauth2
      - IOTA_AUTH_HEADER=Authorization
      - IOTA_AUTH_HOST=keyrock
      - IOTA_AUTH_PORT=${KEYROCK_PORT}
      - IOTA_AUTH_URL=http://keyrock:${KEYROCK_PORT}
      - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
      - IOTA_AUTH_CLIENT_SECRET=tutorial-dckr-host-0000-clientsecret
      - IOTA_AUTH_PERMANENT_TOKEN=true
      - IOTA_AUTH_TOKEN_PATH=/oauth2/token
    healthcheck:
      interval: 5s
    deploy:
      restart_policy:
        condition: on-failure
        delay: 60s
        max_attempts: 10
  keyrock:
    image: quay.io/fiware/idm:$
    container_name: fiware-keyrock
    hostname: keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    depends_on:
      - mysql-db
      - authzforce
    ports:
      - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
    environment:
      - DEBUG=idm:*
      - IDM_DB_HOST=mysql-db
      - IDM_DB_PASS_FILE=/run/secrets/my_secret_data
      - IDM_DB_USER=root
      - IDM_HOST=http://localhost:${KEYROCK_PORT}
      - IDM_PORT=${KEYROCK_PORT}
      - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
      - IDM_ADMIN_USER=alice
      - IDM_ADMIN_EMAIL=alice-the-admin@test.com
      - IDM_ADMIN_PASS=test
      - IDM_PDP_LEVEL=advanced
      - IDM_AUTHZFORCE_ENABLED=true
      - IDM_AUTHZFORCE_HOST=authzforce
      - IDM_AUTHZFORCE_PORT=${AUTHZFORCE_PORT}
      - IDM_CSP_FORM_ACTION=*
      - IDM_CORS_ENABLED=true
      - IDM_CORS_ORIGIN=*
      - IDM_CORS_METHODS=*
      - IDM_CORS_ALLOWED_HEADERS=*
      - IDM_CORS_CREDENTIALS=true
      - IDM_CORS_PREFLIGHT=true
      - IDM_CORS_EXPOSED_HEADERS=*
      - IDM_CORS_MAX_AGE=600
    secrets:
      - my_secret_data
    healthcheck:
      interval: 5s
    deploy:
      restart_policy:
        condition: on-failure
        delay: 60s
        max_attempts: 10
```
I have configured CORS settings in the docker-compose file for Keyrock as follows:
```yaml
- IDM_CORS_ENABLED=true
- IDM_CORS_ORIGIN=*
- IDM_CORS_METHODS=*
- IDM_CORS_ALLOWED_HEADERS=*
- IDM_CORS_CREDENTIALS=true
- IDM_CORS_PREFLIGHT=true
- IDM_CORS_EXPOSED_HEADERS=*
- IDM_CORS_MAX_AGE=600
```
I expected these settings to allow all origins, methods, and headers, as well as credentials and preflight requests, to resolve the CORS issue. However, the error persists.
These are the requests:

Request for logging in users:

```bash
curl -iX POST \
  'http://localhost:3005/v1/auth/tokens' \
  -H 'Content-Type: application/json' \
  -d '{
  "token": "d848eb12-889f-433b-9811-6a4fbf0b86ca"
}'
```

Request for creating user:

```bash
curl -iX POST \
  'http://localhost:3005/v1/users' \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-token: X-Auth-token' \
  -d '{
  "user":
}'
```
This is the CORS error:
Access to fetch at 'http://
:8989' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
and this is the network tab of the request for creating users:
enter image description here
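
Added example (not part of the original question and not Keyrock code): curl does not enforce CORS, so the two commands above cannot reproduce the browser error. The Node.js sketch below applies a simplified version of the Fetch standard's preflight checks to the create-user request. The origin `http://localhost:8080` and every response header set are constructed samples, not captured Keyrock output.

```javascript
// Simplified browser-side CORS preflight checks, after the Fetch standard.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request header names the browser has to ask permission for in the preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers).map(([n, v]) => [n.toLowerCase(), v]).filter(([n, v]) =>
    n === "content-type" ? !SAFE_CONTENT_TYPES.has(v.split(";")[0].trim().toLowerCase())
                         : !SAFE_HEADERS.has(n)).map(([n]) => n);
}

// req: {origin, method, headers, credentials}; res: {status, headers} (lower-case names).
function preflightVerdict(req, res) {
  const h = res.headers;
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) return "blocked: no Access-Control-Allow-Origin header";
  if (req.credentials) {
    if (acao !== req.origin) return "blocked: origin must be echoed exactly when credentials are sent";
    if (h["access-control-allow-credentials"] !== "true") return "blocked: Access-Control-Allow-Credentials is not true";
  } else if (acao !== "*" && acao !== req.origin) {
    return "blocked: origin not allowed";
  }
  if (res.status < 200 || res.status > 299) return "blocked: preflight status is not 2xx";
  // With credentials, "*" in the method and header lists is a literal, not a wildcard.
  const wildcardOk = !req.credentials;
  const methods = list(h["access-control-allow-methods"]); // compared case-insensitively for brevity
  const method = req.method.toUpperCase();
  if (!SAFE_METHODS.has(method) && !methods.includes(method.toLowerCase()) &&
      !(wildcardOk && methods.includes("*"))) return `blocked: method ${method} not allowed`;
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of unsafeHeaders(req.headers)) {
    const explicit = allowed.includes(name);
    // Authorization is never covered by "*"; it must be listed by name.
    if (name === "authorization" ? !explicit : !explicit && !(wildcardOk && allowed.includes("*")))
      return `blocked: header ${name} not allowed`;
  }
  return "allowed";
}

// Constructed samples: the create-user call issued by fetch() from a hypothetical origin,
// and a preflight response that uses "*" for the method and header lists.
const ORIGIN = "http://localhost:8080";
const createUser = (credentials) => ({ origin: ORIGIN, method: "POST", credentials,
  headers: { "Content-Type": "application/json", "X-Auth-token": "placeholder" } });
const cors = (origin) => ({ status: 204, headers: { "access-control-allow-origin": origin,
  "access-control-allow-credentials": "true", "access-control-allow-methods": "*",
  "access-control-allow-headers": "*" } });
```

A response with no CORS headers at all yields the same verdict as the error text quoted above, which names port 8989 rather than the port 3005 used in the curl commands.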
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | FIWARE-TECH-HELP [ 10278 ] |
HD-Enabler | Unknown [ 10910 ] | |
HD-Chapter | Unknown [ 10845 ] | |
HD-Node | Unknown [ 10852 ] |