[BUG] blocked by CORS policy

[MohammadHessaamGholami]

What happened?

I configured my BunkerWeb to reverse proxy both my frontend and backend. The separate frontend and backend work fine. However, when I attempt to log in (e.g., on the login page), after entering my credentials and clicking the login button, I still receive CORS errors, despite having configured all the related CORS parameters.:

How to reproduce?

.

Configuration file(s) (yaml or .env)

/etc/bunkerweb/variables.env:


HTTP_PORT=80
HTTPS_PORT=443
DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4
API_LISTEN_IP=127.0.0.1
MULTISITE=yes
SERVER_NAME=BACKEND FRONTEND
USE_REVERSE_PROXY=yes
REVERSE_PROXY_URL=/
FRONTEND_REVERSE_PROXY_URL=/
BACKEND_REVERSE_PROXY_URL=/

REVERSE_PROXY_HOST=http://10.10.10.8:80

USE_CUSTOM_SSL=yes
CUSTOM_SSL_CERT=cert.pem
CUSTOM_SSL_CERT_DATA=cert_base64.pem
CUSTOM_SSL_KEY=privkey.pem
CUSTOM_SSL_KEY_DATA=privkey_base64.pem

USE_CORS=yes
CORS_ALLOW_ORIGIN="*"
CORS_ALLOW_METHODS="OPTIONS|GET|POST"
CORS_DENY_REQUEST=no

Relevant log output

/var/log/bunkerweb/access.log:
BACKEND IP - - [05/Oct/2024:02:41:52 -0400] "OPTIONS /api/users/auth/login/ HTTP/2.0" 405 0 "https://FRONTEND" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"

in Google Chrome Browser:
Access to XMLHttpRequest at 'https://BACKEND/api/users/auth/login/' from origin 'https://FRONTEND' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

BunkerWeb version

1.5.9

What integration are you using?

Linux

Linux distribution (if applicable)

debian 12

Removed private data

• I have removed all private data from the configuration file and the logs

Code of Conduct

• I agree to follow this project's Code of Conduct

[TheophileDiot]

Hi, thank you for opening this issue.
The correct value for the CORS_ALLOW_ORIGIN setting to allow all origins is * and not "*"