Cloudron v6.2.4 - Nginx Access-Control-Allow-Origin Policy blocks Grafana to access Prometheus
-
Tested on Cloudron v6.2.4:
Install Grafana, install Prometheus.
Add Prometheus in Grafana as Datasource.
Get:Unknown error during query transaction. Please check JS console logs.
> Access to fetch at 'https://prometheus.domain.tld./login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765' (redirected from 'https://grafana.domain.tld/api/datasources/proxy/5/api/v1/query?query=1%2B1&time=1615638775.765') from origin 'https://grafana.domain.tld' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. > tti-polyfill.js:4 GET https://prometheus.domain.tld/login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765 net::ERR_FAILED
Testing this on Cloudron v.6.1.2 with no problems.
-
I tried looking into the diff of Box
v6.1.2
andv6.2.4
https://git.cloudron.io/cloudron/box/-/compare/v6.1.2...v6.2.4
Found this line
- add_header Referrer-Policy "same-origin"; + proxy_hide_header Referrer-Policy;
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Then I tried to edit
/etc/nginx/applications/default.conf
and the both apps from Grafana and Prometheus to add cors:https://enable-cors.org/server_nginx.html
Nothing worked, I am clueless.
-
@brutalbirdie CORS headers are set by the app, it shouldn't be platform related. So, if Grafana cannot access prometheus, it's because prometheus needs some CORS setting.
-
It seems one can set --web.cors.origin as per https://manpages.debian.org/unstable/prometheus/prometheus.1.en.html . I guess we have to fix the Cloudron package to have CLI args.
-
@girish
My problem with that is, both Grafana and Prometheus did not get updated for 2 weeks on thev6.2.4
instance.
Grafana 7.4.3
andPrometheus Server 2.25.0
They did not change but the version of Cloudron got upgraded fromv6.1.2
=>v6.2.4
that's the only thing that changed. -
@brutalbirdie Nothing has changed in the reverse proxy configs other than referrer-policy. So, I am surprised that it worked before. I can only think of some app update causing a problem.
-
@brutalbirdie I haven't tried this yet. Do you know if this setup requires basic auth to work in the apps?
-
@brutalbirdie yes, that is most likely the issue. Let me try to push a fix.
-
@brutalbirdie I have enabled it in package v1.4.1 . Can you please try?