Manage access control policy in camunda 8 self managed

Camunda 8 Topics
1

I am running self managed version of camunda 8
when i am making request to http://127.0.0.1:8085/inbound/startprocess from postman it’s working.
but when i am making request from angular app it’s blocking the request
Access to XMLHttpRequest at ‘http://127.0.0.1:8085/inbound/startprocess’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

how to handle it so that i can make request from angular app

2 Likes
2

Here, am also looking for the working solution. From camunda,they asked to try with operate using proxy, it seems not a straight away approach and still camunda testing the similar architect.

1 Like
3

Do you can we acess the tasklists using direct API call from angular

1 Like
4

@Abdul_Renish and @savi003 - the most common, and arguably most secure, set up for running your own Camunda instance is to put either a reverse proxy or custom backend API between your client application and the Camunda platform. Because Camunda and the processes it executes are often business critical, this provides one extra layer of safety.

We don’t currently have any best practices for this documented, and I’ve made note of that as something for us to add in the future. For now, you have a few options you can try:

  1. If you want your client application making calls directly to the Camunda API’s, you can:
  • Put a reverse proxy in front of Camunda. Our docs include a NodeJS reverse proxy example, but there are many alternatives. For instance, you can also set up a Nginx reverse proxy
  • I have not tested this, but one of our engineers thought you may be able to configure CORS via the ingress.annotations option (if you are using k8s and Helm Charts). It would look something like this (of course, you need to tailor it to your configuration needs, and, as mentioned, I haven’t tested this solution yet):
tasklist:
  enabled: true
  ingress: 
    annotations:
      ingress.kubernetes.io/rewrite-target: "/"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/enable-cors: "true"
      nginx.ingress.kubernetes.io/cors-allow-origin: "http://127.0.0.1:8080, http://localhost:8080"
      nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST"
      nginx.ingress.kubernetes.io/cors-allow-headers: "Authorization, Content-Type, Cookie"
  1. Create a backend API layer that your client application communicates with, and the backend then communicates with the Camunda API’s.
5