Hello,
I’ve been trying to run the camunda platform in docker with cors and authentication, i’ve changed the production.yml with the following variables:
webapp:
csrf:
enable-same-site-cookie: true
same-site-cookie-option: STRICT
header-security:
hsts-disabled: false
content-security-policy-value: base-uri 'self';
default-src 'self' 'unsafe-inline' 'unsafe-eval';
img-src 'self' data:;
block-all-mixed-content;
form-action 'self';
frame-ancestors 'none';
object-src 'none';
sandbox
allow-forms
allow-scripts
allow-same-origin
allow-popups
authorization.enabled: true
generic-properties.properties:
deserialization-type-validation-enabled: true
deserialization-allowed-packages:
deserialization-allowed-classes:
enable-password-policy: true
run:
auth.enabled: true
cors:
enabled: true
allowed-origins: http://localhost:44805/
admin-user:
id: test-production
password: Ght10jh&sf!
server:
ssl:
key-store: classpath:keystore.p12
key-store-password: camunda
key-store-type: pkcs12
key-alias: camunda
key-password: camunda
port: 8443
servlet.session.cookie:
secure: true
http-only: true
logging:
level.root: INFO
file: logs/camunda-bpm-run.log
spring.datasource:
url: jdbc:h2:./camunda-h2-test-production/process-engine;TRACE_LEVEL_FILE=0;DB_CLOSE_ON_EXIT=FALSE
driver-class-name: org.h2.Driver
username: sa
password: sa
I get the cors error while trying to access the rest api:
Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I’ve tryed somethings, from using tomcat version but to no avail.
Is there anything i’m missing?
Thank you.