Access-Control-Allow-Origin

Open robflate opened this issue 3 years ago • 4 comments

Thanks for the container. Your example docker compose works fine but when I try and change it to use a custom traefik middleware I get the following errors:

    [Error] Origin https://baserow.example.com is not allowed by Access-Control-Allow-Origin.
    [Error] XMLHttpRequest cannot load https://api.example.com/api/user/token-auth/ due to access control checks.
    [Error] Failed to load resource: Origin https://baserow.example.com is not allowed by Access-Control-Allow-Origin. (token-auth, line 0)

I assume this is because my middleware sets some accessControlAllowMethods and because the API is on a subdomain, it refuses the connection. My middleware contains:

    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        sslRedirect: true
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        customFrameOptionsValue: "allow-from https://example.com"
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"
        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
          server: ""

Long question short, do you have any experience with what settings to use to allow the connection without completely removing the accessControlAllowMethods for the security it adds? Thanks.

robflate, Nov 20 '20 15:11
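
Added example (not part of the original issue or the project's code): a simplified Python model of the preflight check that the browser in the error log performs, run against response headers constructed from the CORS settings in the posted middleware. The POST method and the `content-type` request header are assumptions, since the page does not show the request itself.

```python
# Added example: simplified model of the CORS preflight check a browser applies
# (Fetch standard). Sample headers below are constructed, not captured traffic.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # never need Access-Control-Allow-Methods


def _tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}


def preflight_failures(origin, method, request_headers, response, credentials=False):
    """Return the reasons the browser blocks the request; [] means allowed.
    request_headers: names sent in Access-Control-Request-Headers;
    response: headers of the OPTIONS (preflight) response."""
    resp = {k.lower(): v.strip() for k, v in response.items()}
    failures = []

    allow_origin = resp.get("access-control-allow-origin")
    if allow_origin is None:
        failures.append("missing Access-Control-Allow-Origin")
    elif allow_origin == "*" and credentials:
        failures.append("wildcard origin with credentials")
    elif allow_origin not in ("*", origin):
        failures.append(f"origin mismatch: {allow_origin}")
    if credentials and resp.get("access-control-allow-credentials") != "true":
        failures.append("missing Access-Control-Allow-Credentials: true")

    methods = _tokens(resp.get("access-control-allow-methods"))
    wildcard_ok = not credentials  # '*' only counts for non-credentialed requests
    if (method.upper() not in SAFELISTED_METHODS and method.lower() not in methods
            and not (wildcard_ok and "*" in methods)):
        failures.append(f"method not allowed: {method.upper()}")

    headers = _tokens(resp.get("access-control-allow-headers"))
    for name in sorted(h.lower() for h in request_headers):
        # Authorization must be listed by name; '*' never covers it.
        star = wildcard_ok and "*" in headers and name != "authorization"
        if name not in headers and not star:
            failures.append(f"header not allowed: {name}")
    return failures


ORIGIN = "https://baserow.example.com"  # origin from the error log above
# Constructed: only what the posted middleware configures for CORS.
AS_POSTED = {"Access-Control-Allow-Methods": "GET,OPTIONS,PUT", "Access-Control-Max-Age": "100"}
# Constructed: same methods, plus an explicit origin and request-header allow-list.
WITH_ORIGIN = {**AS_POSTED, "Access-Control-Allow-Origin": ORIGIN,
               "Access-Control-Allow-Headers": "Authorization,Content-Type"}

print(preflight_failures(ORIGIN, "POST", ["content-type"], AS_POSTED))
```

POST is a CORS-safelisted method, so for the constructed headers the check fails on the missing `Access-Control-Allow-Origin` and the unlisted request header, not on the method list; a DELETE against the second header set would still be refused.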