@james Yes, I have setup a fresh install outside of Cloudron and do not have this issue.
I have not had a chance to check however it sounds like something within the configuration that Cloudron uses is different than stock install when it comes to CORS setting?
@james Could the normal configuration within Cloudron Git been change from the normal defaults?
Just reading on their Github - https://github.com/getfider/fider/issues/1251
Based on what I can find their default configuration has it set to allow all cross-origins... Which is odd in why I am encountering this issue.
Thank you for your suggestion regarding the Content Security Policy (CSP) setting in the application.
I've investigated that configuration, but it appears the issue stems from a different, though related, server policy: CORS. I believe there may be some confusion between the two, as they have distinct functions. Here’s a quick summary:
CORS (Cross-Origin Resource Sharing): This is the server giving permission to another website to make API calls to it. The server needs to send an Access-Control-Allow-Origin header to grant this permission, which is what the error messages indicate is missing.
CSP (Content Security Policy): This is the server telling the browser what resources its own pages are allowed to load. This protects the Fider application itself but doesn't grant API access to other sites.
Even with the CSP configured, the browser is still blocking the API calls because the required CORS headers are not being sent by the server.
Hi,
I seem to be running into issues when trying to use the API.
I have a project that will use Fider but keep having issues when trying to test or publish the code when using my Cloudron instance.
I keep getting "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.".
I have tested this same code with a Fider setup that's not via Cloudron and its works fine.
It seems the config for the app is missing the ability or function to set this;
CORS_ALLOWED_ORIGINS: "https://a-website.com,http://localhost:8000"
Just wanted to follow up, after a few rounds of testing and confirm that I have now resolved the issue.
The breakthrough came after inspecting the tracker-server.log file, which pointed to a GeneralException: The returned issuer doesn't match the expected error. The root cause was a subtle mismatch between the URL in the openid.issuerUrl parameter in my traccar.xml and the actual issuer URL being returned by my OpenID provider (it appears a trailing slash was the main culprit). While ensuring the openid.issuerUrl is a perfect match is one solution, I found that removing that parameter entirely and reverting to the Cloudron OpenID configuration using openid.authUrl, openid.tokenUrl, and openid.userInfoUrl with the correct, full URLs also solved the problem.
By the looks of it - It seems the recent Traccar update(s) enforces stricter OpenID Connect validation. Thanks for the pointers!
@james I have tried moving the traccar.xml to traccar.xml.backup to get a new config - it allows the login through plain old login however as soon as I put the OpenID config in it starts with the same issue.
If I pull the backup from when it was on v1.17.1 it has the exact same traccar.xml as it does on v1.18.0 - on v1.17.1 the OpenID login works without issue however as soon as its updated past v1.17.1 the OpenID login stops working.
I have also tried a fresh install and the issue happens as soon as I add the OpenID config.
From what I can tell from the documentation from Traccar - no changes are needed to my OpenID config.
Here is my current config - removed all the sensitive information;
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="config.default">/app/code/conf/default.xml</entry>
<!--
This is the main configuration file. All your configuration parameters should be placed in this file.
Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
remove "config.default" parameter from this file unless you know what you are doing.
For list of available parameters see following page: https://www.traccar.org/configuration-file/
-->
<entry key="database.driver">com.mysql.cj.jdbc.Driver</entry>
<entry key="database.url">jdbc:mysql://mysql:3306/3e3f4a623283f4e9?serverTimezone=UTC&allowPublicKeyRetrieval=true&useSSL=false&allowMultiQueries=true&autoReconnect=true&useUnicode=yes&characterEncoding=UTF-8&sessionVariables=sql_mode=''</entry>
<entry key="database.user">3e3f4a6</entry>
<entry key="database.password">6ec5a5caf84a05efcbf10adef7c2</entry>
<entry key="web.url">https://tracx.emaildomain.com</entry>
<entry key="mail.smtp.host">mail</entry>
<entry key="mail.smtp.port">2525</entry>
<entry key="mail.smtp.starttls.enable">false</entry>
<entry key="mail.smtp.from">noreply@emaildomain.com</entry>
<entry key="mail.smtp.auth">true</entry>
<entry key="mail.smtp.username">noreply@emaildomain.com</entry>
<entry key="mail.smtp.password">e1ba1aaf24e2e0a2eef481564a</entry>
<entry key="logger.console">true</entry>
<entry key="logger.queries">false</entry>
<entry key="logger.level">config</entry>
<entry key="logger.fullStackTraces">true</entry>
<!-- https://github.com/traccar/traccar/blob/8eecfdcf5c59f92158a6c339d1622e0e9d67968c/src/main/java/org/traccar/config/Keys.java -->
<entry key="users.defaultDeviceLimit">-1</entry>
<entry key="media.path">/app/data/media</entry>
<entry key='openid.force'>true</entry>
<entry key='openid.clientId'>we31jf8xagqqdk4edscg3</entry>
<entry key='openid.clientSecret'>zs8c6q92vujaz15asguwsb</entry>
<entry key='openid.issuerUrl'>https://sso.domainname.com/application/o/traccar</entry>
<entry key="openid.authUrl">https://sso.domainname.com/application/o/authorize</entry>
<entry key="openid.tokenUrl">https://sso.domainname.com/application/o/token</entry>
<entry key="openid.userInfoUrl">https://sso.domainname.com/application/o/userinfo</entry>
</properties>
@james It would be "Leave user management to the app"
Hi. Since Packaged v1.17.1 onwards was published I have had a few servers that run Traccar/Cloudron have the following issue;
"<!DOCTYPE><html><head><title>Error</title></head><html><body>500 - Server Error</body></html>"
It's not clear from the logs where the issue is - It's resulting in not being able to log in at all unless the OpenID config is removed fully.
I have noticed the last few Immich updates have not been pushed yet, typically it’s very fast however it appears not to be the case for V1.130.3.
Do we have an ETA for the next few updates?
Same thing here, plain old login and can’t sign out.
Hi, I seem to be having issues with my install of Postiz, when creating a post it appear that it does not display a preview of the image uploaded to the post nor does it attach the image to the post as every platform returns 404
Yes - I am facing the same issue. It says its updated to 1.117.0 but has not actually updated.
Ok, I have managed to get it working... it seems that the type of "openid-jwks-endpoint" I was using was not correct.
@joseph Sorry meant "saml-callback-url".... I am trying both OpenID & SAML to see which one will start working.
@joseph So I have managed to find what I need what have been unable to locate what "openid-redirect-uri" is... It says it would be from the provider but that isn't correct.
@joseph Yes I have but the bit of docs for the SAML doesn't make it clear what custom properties it needs.
I feel like I am blind, but I can't see what & where I am meant to configure the SAML extension.
I have tried reading over the manual for configuration, but it doesn't exactly point out where to configure & what variables you need to configure.
Any help is appreciated.
@AartJansen It's still not considered stable.
You should always follow 3-2-1 regardless.
@girish Same here, I've not heard of FUTO before this. I hope that a 1-time purchase will work, but I do want the option to be able to donate more.