Cors error when looking at details of image #385

Open
Paultje52 opened this issue Jun 14, 2024 · 4 comments

@Paultje52

Bug description

I'm getting a CORS error when visiting the page of a specific image.

How to Reproduce

My docker-compose file

version: '3'

services:
  registry:
    restart: always
    image: registry:2
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./auth:/auth
      - ./data:/data
      - ./config.yml:/etc/docker/registry/config.yml

  ui:
    image: joxit/docker-registry-ui:latest
    ports:
      - 5001:80
    environment:
      - REGISTRY_TITLE=Docker Registry
      - REGISTRY_URL=some_url
      - SINGLE_REGISTRY=true
    depends_on:
      - registry

My private docker registry configuration

version: 0.1
log:
  fields:
    service: registry
storage:
    delete:
      enabled: true
http:
  addr: :5000
  headers:
    Access-Control-Allow-Origin: ['https://docker-ui.paultje52.me']
    Access-Control-Allow-Methods: ['GET', 'OPTIONS', 'HEAD']
    Access-Control-Allow-Headers: ['Authorization']
    Access-Control-Allow-Credentials: [true]

Expected behavior

I would expect the page to load and show all the relevant information.

Screenshots

image
image

Note: the main page (with the catalog request) works without any problems.
image

System information

  • OS: Ubuntu (debian)
  • Browser:
    • Name: Chrome
    • Version: 125.0.6422.142
  • Docker registry UI:
    • Version: Latest (v2)
    • Server: docker
    • Docker version: 26.1.4, build 5650f9b
    • Docker registry ui tag: latest
    • OS/Arch: linux/amd64
    • Tools: docker-compose
@alexanderbazhenoff

alexanderbazhenoff commented Jun 15, 2024

Hi. It's not possible to see in your screenshots which port you connect to with the GET request. You also exposed port 5000 on the registry server, but 443 was mentioned in your screenshot. Or, if you connect directly to the exposed port of the registry server (5000), what is the question about the UI? :)

Anyway, I also have a setup with user:password authorization on the Registry server, but I didn't have any problems using docker or skopeo commands (my problem is self-signed TLS validation when the UI connects to the Registry Server only). You can take a look here, maybe you'll find something helpful.

Also take a look at this page about 'CORS'.

@Joxit
Owner

Joxit commented Jun 22, 2024

Hi, thank you for using my project and submitting issues.

Are you using token authentication? If so, you may need to configure the CORS policy of your auth server.

Keycloak's one wasn't working, so I made this example with an nginx proxy: https://github.com/Joxit/docker-registry-ui/blob/main/examples%2Ftoken-auth-keycloak%2Fconf%2Fproxy%2Fnginx.conf

@Paultje52
Author

Paultje52 commented Jun 28, 2024

> You also exposed port 5000 on registry-server, but 443 was mentioned on your screenshot

The docker registry runs on port 5000, but I'm routing it through nginx. That is why I'm connecting to port 443 in my docker registry ui.

> Are you using token authentication? If so, you may need to configure the CORS policy of your auth server.

I'm using basic auth (username-password). When looking at the dev tools, I can see that the preflight request does not include any authentication. That's probably why I am getting the CORS error. When I manually make the request to my docker registry, I'm not encountering any problems.

@Joxit
Owner

Joxit commented Sep 6, 2024

The preflight request is not meant to return any authentication. The browser will send the OPTIONS request and the server must return a 200 response with specific headers in its response. If the headers aren't present, you will not be able to authenticate via your browser.

Required headers are:

Access-Control-Allow-Credentials: "true"
Access-Control-Allow-Headers: "Content-Type, Accept, Authorization"
Access-Control-Allow-Methods: "OPTIONS, GET"
Access-Control-Allow-Origin: "<your origin>"

So if your server is not sending these headers on the OPTIONS request, check the nginx configuration in the keycloak example I shared.
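
The preflight checks discussed in this thread, as an added example that is not part of the issue or of docker-registry-ui: a JavaScript function that approximates how a browser evaluates the OPTIONS response before sending a credentialed request. The origin `https://ui.example.test`, the requested header list and the three sample responses are constructed for illustration.

```javascript
// Added example, not code from docker-registry-ui: approximates the checks a
// browser applies to a CORS preflight response for a credentialed request.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];

function splitList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// req: { origin, method, requestHeaders }  (requestHeaders = Access-Control-Request-Headers)
// res: { status, headers }                 (the server's answer to OPTIONS)
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];

  // The preflight carries no credentials, so it has to succeed without them.
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);

  // Credentialed requests need the exact origin; "*" is not accepted.
  if (h["access-control-allow-origin"] !== req.origin) problems.push("origin not allowed");
  if (h["access-control-allow-credentials"] !== "true") problems.push("credentials not allowed");

  // Methods outside the CORS safelist must be listed explicitly.
  const methods = splitList(h["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.includes(req.method) && !methods.includes(req.method.toLowerCase())) {
    problems.push(`method ${req.method} not allowed`);
  }

  // Every header named in Access-Control-Request-Headers must be listed.
  const allowed = splitList(h["access-control-allow-headers"]);
  for (const name of splitList(req.requestHeaders)) {
    if (!allowed.includes(name)) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed sample data (assumed origin and requested headers).
const req = { origin: "https://ui.example.test", method: "GET", requestHeaders: "authorization, accept" };
const cors = (allowHeaders) => ({
  "Access-Control-Allow-Origin": "https://ui.example.test",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Methods": "OPTIONS, GET",
  "Access-Control-Allow-Headers": allowHeaders,
});
const results = {
  authDemanded: checkPreflight(req, { status: 401, headers: cors("Content-Type, Accept, Authorization") }),
  narrowHeaders: checkPreflight(req, { status: 200, headers: cors("Authorization") }),
  asRecommended: checkPreflight(req, { status: 200, headers: cors("Content-Type, Accept, Authorization") }),
};
console.log(results);
```

An empty array means the preflight would pass; the first two samples each fail on a single point, a non-2xx status and a requested header missing from `Access-Control-Allow-Headers`.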
