
Disabling CORS is not applied when configured in docker-compose.yml

Open ghost opened this issue 3 years ago • 3 comments

The defect may already be reported! Please search for the defect before creating one.

Current Behavior:

CORS doesn't look like it can be disabled

Steps to Reproduce:

In the docker-compose.yaml set

Optional LDAP Properties

 - ALPINE_LDAP_ENABLED=false

browse to http://dependencytrack.domain.com

Expected Behavior:

browse to http://dependencytrack.domain.com with CORS disabled successfully

Environment:

  • Dependency-Track Version: 4.4
  • Distribution: Docker
  • BOM Format & Version: N/A
  • Database Server: PostgreSQL
  • Browser: Firefox (latest), Chrome (latest), Safari (latest), Edge (latest)

Additional Details:

[Error] Unhandled Promise Rejection: TypeError: undefined is not an object (evaluating 'i.generateKey')
    promiseEmptyOnRejected (content-script.js:75:780)
    promiseReactionJob
[Error] Origin http://dependencytrack.domain.com:8080 is not allowed by Access-Control-Allow-Origin. Status code: 200
[Error] XMLHttpRequest cannot load http://dependencytrack.domain.com:8081/api/version due to access control checks.
[Error] Failed to load resource: Origin http://dependencytrack.domain.com:8080 is not allowed by Access-Control-Allow-Origin. Status code: 200 (version, line 0)
[Error] Unhandled Promise Rejection: Error: Network Error
    promiseEmptyOnRejected (chunk-vendors.33718c9a.js:46:8320)
    promiseReactionJob

ghost avatar Apr 08 '22 17:04 ghost

Correction: It should be the following setting

Optional Cross-Origin Resource Sharing (CORS) Headers

  - ALPINE_CORS_ENABLED=false

ghost avatar Apr 08 '22 18:04 ghost

For two documents to be considered to have the same origin, the protocol (http/https), the domain and the port (the default 80 or :xx) have to be identical.

The front-end and API server are deployed on different ports (8080 and 8081) so when CORS is disabled, requests from :8080 aren't allowed.

AbdelHajou avatar Apr 26 '22 11:04 AbdelHajou
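
The same-origin rule from the comment above, applied to the two URLs in this issue, as an added example that is not part of the thread or of Dependency-Track's code. The function names are hypothetical, the response header sets are constructed, and the check is simplified to a non-credentialed request without a preflight; it assumes a server with CORS disabled sends no Access-Control-Allow-Origin header.

```javascript
// Added example: models the browser's same-origin test and its CORS read check.
// Helper names are hypothetical; header objects below are constructed samples.

const FRONTEND = 'http://dependencytrack.domain.com:8080/';
const API = 'http://dependencytrack.domain.com:8081/api/version';

// An origin is the (scheme, host, port) tuple. The URL parser drops default
// ports (80 for http, 443 for https), so .origin is already normalized.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Would the browser let script on pageUrl read the response from requestUrl?
// responseHeaders uses lower-case header names.
function browserAllowsRead(pageUrl, requestUrl, responseHeaders) {
  if (isSameOrigin(pageUrl, requestUrl)) {
    return { allowed: true, reason: 'same-origin, CORS not consulted' };
  }
  const acao = responseHeaders['access-control-allow-origin'];
  if (acao === undefined) {
    return { allowed: false, reason: 'cross-origin and no Access-Control-Allow-Origin' };
  }
  if (acao === '*' || acao === originOf(pageUrl)) {
    return { allowed: true, reason: 'cross-origin, permitted by header' };
  }
  return { allowed: false, reason: `header names ${acao}, page is ${originOf(pageUrl)}` };
}

// Constructed scenarios: [label, page, request, response headers]
const scenarios = [
  ['API without CORS headers', FRONTEND, API, {}],
  ['API names the front-end origin', FRONTEND, API,
    { 'access-control-allow-origin': 'http://dependencytrack.domain.com:8080' }],
  ['API names the host but omits the port', FRONTEND, API,
    { 'access-control-allow-origin': 'http://dependencytrack.domain.com' }],
  ['front-end and API behind one port', 'http://dependencytrack.domain.com:80/',
    'http://dependencytrack.domain.com/api/version', {}],
];

for (const [label, page, request, headers] of scenarios) {
  const verdict = browserAllowsRead(page, request, headers);
  console.log(`${label}: ${verdict.allowed ? 'ALLOWED' : 'BLOCKED'} (${verdict.reason})`);
}
```

The first scenario matches the "is not allowed by Access-Control-Allow-Origin. Status code: 200" lines in the report: the request reaches the API and is answered, but the browser withholds the response from the page.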

I also tried to disable CORS with - ALPINE_CORS_ENABLED=false, but it still considers CORS and fails on login.

prabhushan avatar Oct 29 '25 14:10 prabhushan