goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

application/o/authorize endpoint missing CORS headers #10057

Open mdelpire opened 4 months ago

mdelpire commented 4 months ago

Describe the bug

Not sure whether it is a bug or a misconfiguration somewhere... The web application is calling the /application/o/authorize/ endpoint from the browser.

It is failing with the message in the Chrome Debug Console

Access to fetch at 'https://auth.mydomain.com/application/o/authorize/?client_id=xxxxxxxxxx&redirect_uri=https%3A%2F%2Forigin.domain.com%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue&response_type=code&scope=email+profile+ak_proxy+openid&state=m2qJvqqq3tNbVgvzIgz7h6l3w4-hErhUX1fd5WmLJ_g' (redirected from 'https://origin.domain.com/info') from origin 'https://origin.domain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

I do not see the header: access-control-allow-origin: https://origin.domain.com

To Reproduce

Steps to reproduce the behavior:

1. Create a Forward auth (Single Application) provider and set External host to https://origin.domain.com
2. Make sure the user was already logged in --> no new login requested.
3. Try to get authorisation from https://auth.mydomain.com/application/o/authorize/

Expected behavior

The preflight response contains the CORS header access-control-allow-origin: https://origin.domain.com

Version and Deployment (please complete the following information):

efaden commented 4 months ago

Seeing this also

Towerism commented 4 months ago

This is probably because the preflight request is returning a 302 found instead of a 200 success.

mdelpire commented 4 months ago

It might be the case as if I clear the cache everything works fine. How can I prevent this 302 and force to get the request?

addich commented 2 months ago

I have exactly the same issue. In "InPrivate"/Incognito windows it works, but in a normal window I get blocked by the CORS policy.

authentik version: 2024.6.2
deployment: helm kubernetes with nginx ingress

scipe commented 1 month ago

Exact same issue. Fresh installation. K0s and ingress with nginx + load balancer + cloudflare.

Deployed with helm. Latest version.

PrivateGER commented 1 month ago

Same issue. Makes Authentik proxy unusable on version 2024.8.2.

QHivert commented 1 month ago

Hello, same issue here.

When a user makes a POST request on my webapp and their token is invalid, it will redirect to the authorize endpoint. In this case, the browser will make a preflight/OPTIONS request that returns 200 without the header access-control-allow-origin. That way, the next GET request will be blocked by the browser.

Looking at the code, it seems that the authorize endpoint doesn't call the method cors_allow. So any OPTIONS request to that endpoint will fail.

I don't know if this is expected, though :/
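The two diagnoses in this thread (a preflight answered with a 302, and a preflight answered with 200 but no access-control-allow-origin header) both fail the same browser-side check. The script below is an added example, not authentik code or anything posted in the thread: it models the CORS-preflight rules a browser applies and runs them over constructed responses shaped like the ones described above. The names PreflightResponse, preflight_passes, run_thread_scenarios and the sample header values are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# All names below (PreflightResponse, preflight_passes, the sample responses)
# are assumptions made for this example; they are not part of authentik.


@dataclass
class PreflightResponse:
    """The parts of an OPTIONS (preflight) response that the browser checks."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # HTTP header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def preflight_passes(origin: str, method: str, resp: PreflightResponse,
                     with_credentials: bool = True) -> Tuple[bool, str]:
    """Apply the browser's CORS preflight rules to ``resp``.

    Returns (ok, reason).  The rules follow the Fetch standard's
    CORS-preflight fetch: no redirects, a 2xx status, an
    Access-Control-Allow-Origin that matches the caller, credentials
    explicitly allowed for credentialed requests, and the requested method
    listed when it is not a simple one.
    """
    # Rule 1: redirects are never followed for a preflight.  This is the
    # "Redirect is not allowed for a preflight request" error from the report.
    if 300 <= resp.status < 400:
        return False, "redirect is not allowed for a preflight request"

    # Rule 2: the preflight itself must succeed.
    if not 200 <= resp.status < 300:
        return False, f"preflight status {resp.status} is not ok"

    # Rule 3: the origin must be echoed back (or a wildcard used, which
    # browsers reject for credentialed requests such as cookie-bearing ones).
    acao = resp.header("Access-Control-Allow-Origin")
    if acao is None:
        return False, "no Access-Control-Allow-Origin header on preflight response"
    if acao == "*":
        if with_credentials:
            return False, "wildcard origin is not allowed for credentialed requests"
    elif acao != origin:
        return False, f"origin {origin} does not match Access-Control-Allow-Origin {acao}"

    # Rule 4: credentialed requests also need Access-Control-Allow-Credentials: true.
    if with_credentials:
        acac = (resp.header("Access-Control-Allow-Credentials") or "").lower()
        if acac != "true":
            return False, "Access-Control-Allow-Credentials: true is missing"

    # Rule 5: methods other than GET/HEAD/POST must be explicitly allowed.
    if method.upper() not in ("GET", "HEAD", "POST"):
        allowed = {m.strip().upper()
                   for m in (resp.header("Access-Control-Allow-Methods") or "").split(",")}
        if method.upper() not in allowed:
            return False, f"method {method} is not in Access-Control-Allow-Methods"

    return True, "ok"


# Constructed sample responses modelled on what the thread describes; the
# header values are illustrative, not captured from authentik.
ORIGIN = "https://origin.domain.com"

SCENARIOS = {
    # Towerism's diagnosis: the OPTIONS request itself is answered with a 302.
    "redirected_preflight": PreflightResponse(
        302, {"Location": "https://auth.mydomain.com/"}),
    # QHivert's observation: 200, but no CORS headers are attached.
    "200_without_cors": PreflightResponse(
        200, {"Allow": "GET, OPTIONS"}),
    # What the reporter expected: the caller's origin echoed back.
    "200_with_cors": PreflightResponse(
        200, {"Access-Control-Allow-Origin": ORIGIN,
              "Access-Control-Allow-Credentials": "true",
              "Access-Control-Allow-Methods": "GET, OPTIONS"}),
}


def run_thread_scenarios(method: str = "GET") -> Dict[str, Tuple[bool, str]]:
    """Evaluate each sample preflight the way the browser would."""
    return {name: preflight_passes(ORIGIN, method, resp)
            for name, resp in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_thread_scenarios().items():
        print(f"{name:22s} {'PASS' if ok else 'BLOCKED'}: {reason}")
```

The same check can be reproduced against a live deployment by sending the preflight by hand (curl -i -X OPTIONS with an Origin and an Access-Control-Request-Method header) and comparing the status and headers of the reply with the rules above: a 3xx status or a missing access-control-allow-origin on that reply is enough to explain the browser error, regardless of what the subsequent GET would have returned.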

0xEmma commented 1 month ago

Also seeing this since update to 2024.8.2/2024.8.3

yurividal commented 3 weeks ago

Also facing this same issue. In my case, the application works fine when I'm logged in. But I have set some paths in the Unauthenticated Paths list, and when I try to access any of these paths from an unauthenticated browser, I get CORS errors.

Samppady commented 1 week ago

I have exactly the same issue.

MahmoudAlyuDeen commented 6 days ago

Same here, I suspect this is causing issues with properly getting scopes from authentik: username, email, ak_proxy, etc...

dankozlowski commented 23 hours ago

Also running into this on 2024.8.3