ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. #14945

Closed laiminhtrung1997 closed 2 months ago

laiminhtrung1997 commented 8 months ago

Please confirm the following

Bug Summary

After the end user logs out with the API '/api/logout', the issue occurred with the message below.

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I researched this issue in Envoy, then I configured the Envoy configuration below.

routes:
- match:
    prefix: "/api/logout"
  route:
    cluster: awx
    timeout: 3600s
    cors:
      allow_origin_string_match:
        - prefix: "https://domain"
      allow_credentials: true
      allow_methods: GET

The issue is still occurring with the other message below.

Access to XMLHttpRequest at 'https://domain/api/' ( redirected from 'https://domain/api/logout/') from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Then I continued configuring the Envoy configuration with the path '/api/' as well. The above message is still occurring.

Could you guys help me to solve this issue? I appreciate it very much. Best regards.

AWX version

23.6.0

Select the relevant components

Installation method

kubernetes

Modifications

no

Ansible version

No response

Operating system

No response

Web browser

No response

Steps to reproduce

  1. Log in to AWX.
  2. Log out from AWX.

Expected results

The end user can log out without any errors about CORS.

Actual results

The CORS error occurred with the message below.

Access to XMLHttpRequest at 'https://domain/api/logout/' from origin 'https://domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Additional information

No response
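
The two error messages in the report above follow from the browser applying its CORS check to every response in a redirect chain, so headers on /api/logout/ alone move the failure to /api/. The sketch below is an added example, not code from the issue, AWX or Envoy; the hosts, function names and header sets are constructed, and it assumes every hop stays on one API origin.

```javascript
// Added example (not AWX or Envoy code). Hosts and header sets are constructed.
// Assumes every hop stays on one API origin, so the request origin is never tainted.

// Returns null if the response passes the browser's CORS check, else the reason.
function corsFailure(pageOrigin, headers, withCredentials) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v.trim();
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) return "No 'Access-Control-Allow-Origin' header is present";
  // Without credentials a wildcard is accepted; with credentials it is not.
  if (acao === '*') return withCredentials ? 'wildcard origin not allowed with credentials' : null;
  if (acao !== pageOrigin) return `allowed origin '${acao}' does not match '${pageOrigin}'`;
  if (withCredentials && h['access-control-allow-credentials'] !== 'true') {
    return "'Access-Control-Allow-Credentials' is not 'true'";
  }
  return null;
}

// The check runs on every response in a redirect chain, the 3xx included.
// The first hop that fails blocks the whole request.
function firstBlockedHop(pageOrigin, chain, withCredentials) {
  for (const hop of chain) {
    const reason = corsFailure(pageOrigin, hop.headers, withCredentials);
    if (reason) return { url: hop.url, reason };
  }
  return null;
}

const PAGE = 'https://ui.example.test';   // constructed page origin
const API = 'https://api.example.test';   // constructed API origin
const cors = { 'Access-Control-Allow-Origin': PAGE, 'Access-Control-Allow-Credentials': 'true' };

// CORS headers on the /api/logout/ response only: the redirect target is blocked.
const logoutOnly = [
  { url: `${API}/api/logout/`, status: 302, headers: cors },
  { url: `${API}/api/`, status: 200, headers: {} },
];
// CORS headers present on both responses: the chain passes.
const bothRoutes = [
  { url: `${API}/api/logout/`, status: 302, headers: cors },
  { url: `${API}/api/`, status: 200, headers: cors },
];

console.log(firstBlockedHop(PAGE, logoutOnly, true));
console.log(firstBlockedHop(PAGE, bothRoutes, true));
```

To compare with a real deployment, copy the response headers of each hop from the browser's network panel into the chain.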

fosterseth commented 8 months ago

You may need to set these AWX extra settings on your spec file.

This setting can also be found in the UI > Settings > Misc System.

  extra_settings:
  - setting: CSRF_TRUSTED_ORIGINS
    value:
      - https://yourdomain.com