Cloudron v6.2.4 - Nginx Access-Control-Allow-Origin Policy blocks Grafana to access Prometheus
-
Tested on Cloudron v6.2.4:
Install Grafana, install Prometheus.
Add Prometheus in Grafana as Datasource.
Get:Unknown error during query transaction. Please check JS console logs.> Access to fetch at 'https://prometheus.domain.tld./login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765' (redirected from 'https://grafana.domain.tld/api/datasources/proxy/5/api/v1/query?query=1%2B1&time=1615638775.765') from origin 'https://grafana.domain.tld' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. > tti-polyfill.js:4 GET https://prometheus.domain.tld/login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765 net::ERR_FAILED
Testing this on Cloudron v.6.1.2 with no problems.
-
Tested on Cloudron v6.2.4:
Install Grafana, install Prometheus.
Add Prometheus in Grafana as Datasource.
Get:Unknown error during query transaction. Please check JS console logs.> Access to fetch at 'https://prometheus.domain.tld./login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765' (redirected from 'https://grafana.domain.tld/api/datasources/proxy/5/api/v1/query?query=1%2B1&time=1615638775.765') from origin 'https://grafana.domain.tld' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. > tti-polyfill.js:4 GET https://prometheus.domain.tld/login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765 net::ERR_FAILEDTesting this on Cloudron v.6.1.2 with no problems.
I tried looking into the diff of Box
v6.1.2andv6.2.4https://git.cloudron.io/cloudron/box/-/compare/v6.1.2...v6.2.4
Found this line
- add_header Referrer-Policy "same-origin"; + proxy_hide_header Referrer-Policy;https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Then I tried to edit
/etc/nginx/applications/default.confand the both apps from Grafana and Prometheus to add cors:https://enable-cors.org/server_nginx.html
Nothing worked, I am clueless.
-
I tried looking into the diff of Box
v6.1.2andv6.2.4https://git.cloudron.io/cloudron/box/-/compare/v6.1.2...v6.2.4
Found this line
- add_header Referrer-Policy "same-origin"; + proxy_hide_header Referrer-Policy;https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Then I tried to edit
/etc/nginx/applications/default.confand the both apps from Grafana and Prometheus to add cors:https://enable-cors.org/server_nginx.html
Nothing worked, I am clueless.
-
It seems one can set --web.cors.origin as per https://manpages.debian.org/unstable/prometheus/prometheus.1.en.html . I guess we have to fix the Cloudron package to have CLI args.
@girish
My problem with that is, both Grafana and Prometheus did not get updated for 2 weeks on thev6.2.4instance.
Grafana 7.4.3andPrometheus Server 2.25.0
They did not change but the version of Cloudron got upgraded fromv6.1.2=>v6.2.4that's the only thing that changed. -
@girish
My problem with that is, both Grafana and Prometheus did not get updated for 2 weeks on thev6.2.4instance.
Grafana 7.4.3andPrometheus Server 2.25.0
They did not change but the version of Cloudron got upgraded fromv6.1.2=>v6.2.4that's the only thing that changed. -
@brutalbirdie Nothing has changed in the reverse proxy configs other than referrer-policy. So, I am surprised that it worked before. I can only think of some app update causing a problem.
-
-
@brutalbirdie I haven't tried this yet. Do you know if this setup requires basic auth to work in the apps?
-
@girish Good question.
Since prometheus does useproxyAuthand grafana tries to auth via basic auth.
Could this be a problem? I think I've read something on the forum about a problem withproxyAuth? -
@girish Good question.
Since prometheus does useproxyAuthand grafana tries to auth via basic auth.
Could this be a problem? I think I've read something on the forum about a problem withproxyAuth? -
@brutalbirdie I have enabled it in package v1.4.1 . Can you please try?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login