Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. #14945

Closed
6 of 11 tasks
laiminhtrung1997 opened this issue Mar 3, 2024 · 1 comment
Closed
6 of 11 tasks

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. #14945

laiminhtrung1997 opened this issue Mar 3, 2024 · 1 comment
Labels
community component:api component:ui needs_triage type:bug

Comments

@laiminhtrung1997
Copy link

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX is open source software provided for free and that I might not receive a timely response.
  • I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

After the end-user logout with the API '/api/logout', the issue occurred with a message below.

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I researched this issue in Envoy, then I configured the Envoy configurations below

routes:
- match
    prefix: "/api/logout"
  route:
    cluster: awx
    timeout: 3600s
    cors:
      allow_origin_string_match:
        - prefix: "https://domain"
      allow_credentials: true
      allow_methods: GET

The issue is still occurring with the other message below.

Access to XMLHttpRequest at 'https://domain/api/' ( redirected from 'https://domain/api/logout/') from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Then I continuing configure the Envoy configurations with the path '/api/' as well. The above message is still occurring.

Could you guy help me to solve this issue? I appreciate it very much.
Best regards.

AWX version

23.6.0

Select the relevant components

  • UI
  • UI (tech preview)
  • API
  • Docs
  • Collection
  • CLI
  • Other

Installation method

kubernetes

Modifications

no

Ansible version

No response

Operating system

No response

Web browser

No response

Steps to reproduce

  1. Log in to AWX.
  2. Log out from AWX.

Expected results

The end-user can log out without any errors about the cors.

Actual results

The CORS error occurred with the message below.

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Additional information

No response
@fosterseth
Copy link
Member

you may need to set these AWX extra settings on your spec file

this setting can also be found in the UI > Settings > Misc System

  extra_settings:
  - setting: CSRF_TRUSTED_ORIGINS
    value:
      - https://yourdomain.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community component:api component:ui needs_triage type:bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fosterseth @laiminhtrung1997