cvat: Not able to upload annotations on a https end point
When I upload annotations zip, I get the below error
Mixed Content: The page at 'https://cvat01.myprezent.com/tasks/4' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://cvat01.myprezent.com/api/tasks/4/annotations/1e890edc-d32f-494c-96cc-6935ce828501'. This request has been blocked; the content must be served over HTTPS.
(anonymous) @ cvat-ui.c901a1e9f80749471ab0.min.js:2
cvat-ui.c901a1e9f80749471ab0.min.js:2 Error: tus: failed to upload chunk at offset 0, caused by [object ProgressEvent], originated from request (method: PATCH, url: http://cvat01.myprezent.com/api/tasks/4/annotations/1e890edc-d32f-494c-96cc-6935ce828501, response code: n/a, response text: n/a, request id: n/a).
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 17 (6 by maintainers)
Hello I found out the reason was traefik rewrite the header, if not trust the reverse proxy in front of it.
TLDR: add “- --entryPoints.web.forwardedHeaders.trustedIPs=ip_proxy/mask” to traefik in docker-compose.yml
Ref: https://github.com/traefik/traefik/issues/5551
This doesn’t work anymore in the newest CVAT. Turns out that if you set a flag for traefik in docker-compose.yaml it disables the other settings, which CVAT now sets using environment variables. So do apply this fix in the latest CVAT, add the following line under traefik -> environment:
TRAEFIK_ENTRYPOINTS_web_FORWARDEDHEADERS_TRUSTEDIPS: <my proxy ips>My setup is CVAT deployed via the Helm in git running in AWS EKS cluster with ingress provided by Traefik and an AWS NLB that does the SSL termination. The browser error is:
Mixed content: The Page at 'https://<REDACTED>/projects?page=1' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<REDACTED>/api/projects/backup/<UUID>'. This request has been blocked; the content must be served over HTTPS.