traefik: ForwardAuth bug

Do you want to request a feature or report a bug?

Bug

What did you do?

I’m trying to use the Headers and ForwardAuth middlewares together, as in the config described below. I use Headers to provide CORS headers automatically for my services. After Headers I use ForwardAuth. When ForwardAuth receives a positive answer (e.g. 200) everything works well, but when ForwardAuth receives a negative answer (e.g. 403) the response goes straight to the client without CORS headers. It looks like in the new version the negative answer breaks the chain and the upper middlewares are not triggered.

Thus, an ajax request from the browser can’t get the response body and can’t know what’s wrong with the request.

In 2.1 everything worked as expected, but it is broken in 2.2.

What did you expect to see?

CORS headers when auth responds with a negative code (403 for example).

What did you see instead?

Response without CORS headers

What is your environment & configuration (arguments, toml, provider, platform, …)?

version: "3.7"
services:

  traefik:
    image: "traefik:2.1"
#    image: "traefik:2.2"
    labels:
      - traefik.http.middlewares.cors.headers.accessControlAllowMethods=GET,POST,PUT,DELETE,OPTIONS
#      Config for 2.2:
#      - traefik.http.middlewares.cors.headers.accessControlAllowOriginList=http://frontend.local
      - traefik.http.middlewares.cors.headers.accessControlAllowOrigin=origin-list-or-null
      - traefik.http.middlewares.cors.headers.accessControlMaxAge=240
      - traefik.http.middlewares.cors.headers.accessControlAllowHeaders=Set-Cookie,Content-Type,authorization,X-Test-Auth
      - traefik.http.middlewares.cors.headers.accessControlAllowCredentials=true
      - traefik.http.middlewares.cors.headers.addVaryHeader=true
      - traefik.http.middlewares.buff.buffering.maxRequestBodyBytes=5242880
      - traefik.http.middlewares.buff.buffering.memRequestBodyBytes=2097152
      - traefik.http.middlewares.buff.buffering.maxResponseBodyBytes=5242880
      - traefik.http.middlewares.buff.buffering.memResponseBodyBytes=2097152
      - traefik.http.middlewares.buff.buffering.retryExpression=IsNetworkError() && Attempts() < 2
      - traefik.http.middlewares.auth.forwardauth.address=http://backend-auth:8080/int/auth/api/v1/auth
      - traefik.http.middlewares.auth.forwardauth.authResponseHeaders=X-Auth-Data
      - traefik.http.routers.traefik.rule=Host(`traefik.local`)
      - traefik.http.services.traefik.loadbalancer.server.port=8080
    command:
      - --providers.docker=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "127.0.0.1:80:80"
    networks:
      - service
    
  backend-auth:
    build:
      context: ./backend/auth/
      dockerfile: Dockerfile.local
    labels:
      - traefik.http.routers.backend-auth-open.rule=Host(`api.local`) && PathPrefix(`/auth/api/v1/login`)
      - traefik.http.routers.backend-auth-open.middlewares=cors@docker,buff@docker
      - traefik.http.routers.backend-auth-open.service=backend-auth-open
      - traefik.http.services.backend-auth-open.loadbalancer.server.port=8080
      - traefik.http.routers.backend-auth.rule=Host(`api.local`) && PathPrefix(`/auth`)
      - traefik.http.routers.backend-auth.middlewares=cors@docker,buff@docker,auth@docker
      - traefik.http.routers.backend-auth.service=backend-auth
      - traefik.http.services.backend-auth.loadbalancer.server.port=8080
    networks:
      - service

  backend-app:
    privileged: true
    build:
      context: ./backend/app/
      dockerfile: Dockerfile.local
    labels:
      - traefik.http.routers.backend-app.rule=Host(`api.local`) && PathPrefix(`/app`)
      - traefik.http.routers.backend-app.middlewares=cors@docker,buff@docker,auth@docker
      - traefik.http.routers.backend-app.service=backend-app
      - traefik.http.services.backend-app.loadbalancer.server.port=8080
    networks:
      - service

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 7
  • Comments: 24 (6 by maintainers)
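
A self-contained Go model of the behaviour reported above, added here as an illustration; it is not Traefik's code and makes no claim about the cause of the regression. The `cors`, `forwardAuth` and `probe` helpers, the `expected` and `symptom` chains and the `valid` token are all constructed for the example, which doubles as a regression check that a denied request still carries the CORS header a browser needs to read the 403.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const allowedOrigin = "http://frontend.local" // origin from the report's labels

// cors models a Headers-style middleware: the header is set before next runs.
func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Origin") == allowedOrigin {
			w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
		}
		next.ServeHTTP(w, r)
	})
}

// forwardAuth models the auth step: a denied request gets 403 and next never runs.
func forwardAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Test-Auth") != "valid" { // "valid" is a constructed token
			w.WriteHeader(http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

var backend = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
var expected = cors(forwardAuth(backend)) // CORS wraps auth: what the reporter expects
var symptom = forwardAuth(cors(backend))  // constructed model of the symptom: CORS only on backend responses

// probe sends one cross-origin request; readable means a browser would expose the response.
func probe(chain http.Handler, token string) (int, bool) {
	req := httptest.NewRequest(http.MethodGet, "http://api.local/app/items", nil)
	req.Header.Set("Origin", allowedOrigin)
	req.Header.Set("X-Test-Auth", token)
	rec := httptest.NewRecorder()
	chain.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin") == allowedOrigin
}

func main() {
	fmt.Println(probe(expected, "expired"))
	fmt.Println(probe(symptom, "expired"))
}
```

Pointing the same `probe` logic at a real deployment (a cross-origin request with a rejected token) gives a quick way to confirm whether an upgrade has reintroduced the problem.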

Most upvoted comments

Yeah, I know 😃 But does it work with the same “value” for 2.2 as on 2.1? Or still not? If not, is it maybe linked to #6785?

They are two different issues caused by the same commit.

  1. origin-list-or-null compatibility issues
  2. ForwardAuth failed causing CORS issues

I found that this commit 082fb166a24138bf7f09f7519c1cd579558cd8ed caused this bug.