I have a CORS issue using Traefik 3.02 and I have been unable to fix despite trying. I have deliberately kept everything simple.
I am NOT using Docker or HTTPS/TLS, everything installed in a Debian 12 VM with just HTTP Passbolt installed, and Traefik on a different VM. I can access Passbolt using the IPv4 with no issues, but as soon as I use the domain name, which goes through Traefik, I get the bellow CORS error. I am uncertain if something requires changing on the Passbolt side. I have provided the NGiNX Passbolt for reference .
Uncertain why I cannot bypass the CORS error with the below Traefik settings:
middlewares:
security-headers:
headers:
accessControlAllowMethods: "*"
accessControlAllowOriginList: "*"
accessControlMaxAge: 100
addVaryHeader: true
contentSecurityPolicy: "default-src 'self' *;"
#
# Passbolt.conf - Nginx configuration file to run the Passbolt software.
#
server {
listen 80;
listen [::]:80;
# Managed by Passbolt
server_name 192.168.0.213 passbolt.domain-name.tld;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;
# Managed by Passbolt
# include __PASSBOLT_SSL__
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}
}
Would appreciate it if someone can assist me understand and resolve the issue.