CORS problem with Docker camunda-bpm-platform

Hello,

I’ve been trying to run the Camunda platform in Docker with CORS and authentication. I’ve changed the production.yml with the following variables:

  webapp:
    csrf:
      enable-same-site-cookie: true
      same-site-cookie-option: STRICT
    header-security:
      hsts-disabled: false
      content-security-policy-value: base-uri 'self';
        default-src 'self' 'unsafe-inline' 'unsafe-eval';
        img-src 'self' data:;
        block-all-mixed-content;
        form-action 'self';
        frame-ancestors 'none';
        object-src 'none';
        sandbox
          allow-forms
          allow-scripts
          allow-same-origin
          allow-popups

  authorization.enabled: true
                            
  generic-properties.properties:
    deserialization-type-validation-enabled: true
    deserialization-allowed-packages:
    deserialization-allowed-classes:
    enable-password-policy: true
                            
  run:                   
    auth.enabled: true
    cors:
      enabled: true
      allowed-origins: http://localhost:44805/
  
  admin-user:
    id: test-production
    password: Ght10jh&sf!

server:                   
  ssl:                      
    key-store: classpath:keystore.p12
    key-store-password: camunda
    key-store-type: pkcs12  
    key-alias: camunda      
    key-password: camunda   
  port: 8443                
                            
  servlet.session.cookie:   
    secure: true            
    http-only: true         
                            
logging:                    
   level.root: INFO         
   file: logs/camunda-bpm-run.log

spring.datasource:          
  url: jdbc:h2:./camunda-h2-test-production/process-engine;TRACE_LEVEL_FILE=0;DB_CLOSE_ON_EXIT=FALSE
  driver-class-name: org.h2.Driver
  username: sa               
  password: sa    

I get the CORS error while trying to access the REST API:

Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’ve tried some things, including using the Tomcat version, but to no avail.

Is there anything I’m missing?

Thank you.

I changed /camunda/webapps/engine-rest/WEB-INF/web.xml
with

  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>*</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
    </init-param>
    <init-param>
      <param-name>cors.exposed.headers</param-name>
      <param-value>Access-Control-Allow-Origin</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

to enable CORS.

That is just to enable CORS; the issue is regarding CORS and authentication together.
CORS worked well without basic auth, but when both were enabled through the .yml file or the .XML, the CORS problem persisted.
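
The symptom described in this thread (CORS works alone, fails once Basic auth is enabled) is consistent with an authentication filter answering the browser's credential-less preflight with a 401 before any CORS headers are added. The following is an added example, not code from the thread or from Camunda: a small Python model of a filter chain that compares both filter orders. The filter ordering as the cause is an assumption, and all names, credentials and requests are constructed.

```python
# Added illustration: toy model of a servlet-style filter chain (not Camunda/Tomcat code).
import base64

ORIGIN = "http://localhost:44805"  # as browsers send it: no trailing slash
ALLOWED_ORIGINS = {ORIGIN}         # explicit allowlist instead of "*"
VALID_AUTH = "Basic " + base64.b64encode(b"demo:demo").decode()  # constructed credentials

def cors_filter(req, nxt):
    origin = req["headers"].get("Origin")
    if origin not in ALLOWED_ORIGINS:
        return nxt(req)  # unknown origin: pass through without CORS headers
    cors = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if req["method"] == "OPTIONS" and "Access-Control-Request-Method" in req["headers"]:
        # Preflight is answered here and never reaches authentication.
        cors["Access-Control-Allow-Methods"] = "GET,POST,PUT,DELETE"
        cors["Access-Control-Allow-Headers"] = "Authorization,Content-Type"
        return {"status": 200, "headers": cors}
    resp = nxt(req)
    resp["headers"].update(cors)  # real responses (even 401) stay readable by the page
    return resp

def auth_filter(req, nxt):
    if req["headers"].get("Authorization") != VALID_AUTH:
        return {"status": 401, "headers": {"WWW-Authenticate": 'Basic realm="demo"'}}
    return nxt(req)

def run_chain(filters, req):
    def call(i, r):
        if i == len(filters):
            return {"status": 200, "headers": {}}  # the protected endpoint
        return filters[i](r, lambda r2: call(i + 1, r2))
    return call(0, req)

def browser_accepts_preflight(resp):
    ok = 200 <= resp["status"] < 300
    return ok and resp["headers"].get("Access-Control-Allow-Origin") == ORIGIN

# Constructed preflight: browsers never attach credentials to it.
PREFLIGHT = {"method": "OPTIONS", "headers": {
    "Origin": ORIGIN,
    "Access-Control-Request-Method": "GET",
    "Access-Control-Request-Headers": "authorization"}}

if __name__ == "__main__":
    for name, chain in [("auth first", [auth_filter, cors_filter]),
                        ("cors first", [cors_filter, auth_filter])]:
        resp = run_chain(chain, PREFLIGHT)
        print(name, resp["status"], browser_accepts_preflight(resp))
```

With the CORS filter first, the preflight succeeds while the actual request still requires valid credentials, so authentication is not weakened.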