Tasklist graphql cors problem


I’m running the Tasklist app on self-managed Camunda 8 platform behind a nginx reverse proxy which makes the TLS termination and upstreams to http://tasklist:8080.
I can successfully login with the demo user but nothing is loaded because the POST /graphql returns a 403 with body Invalid CORS request.

Does the Tasklist App recognizes the X-Forwarded-Host, X-Forwarded-Proto, X-Forwarded-Port headers?
Or is there a cors configuration?

Best regards,

1 Like

Today I remembered how to configure a spring boot app behind a reverse proxy and voilà it works: SERVER_FORWARDHEADERSSTRATEGY=native


Thanks @nathanael for coming back and share your solution with us :bowing_man:

This made my day, thank you!

1 Like

Hi @nathanael, I am facing same issue when trying to login to Tasklist that POST /graphql returns http 403 Invalid CORS request. My cluster is a self-managed instance and I have below Ingres controller for Tasklist. Based on Invalid CORS request, I have tried with highlighted option and annotations but the issue still persists.

        enabled: true
        host: "<tasklist_external_host>"
        port: 80
          **use-forwarded-headers: true**
          nginx.org/mergeable-ingress-type: minion
          ingress.kubernetes.io/rewrite-target: "/"
          nginx.ingress.kubernetes.io/ssl-redirect: "false"
          **nginx.ingress.kubernetes.io/enable-cors: "true"**
          **nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"**

Can you please mention where exactly did you specify SERVER_FORWARDHEADERSSTRATEGY=native to resolve this issue? Thanks.

Hi Hemal,

SERVER_FORWARDHEADERSSTRATEGY=native is a spring boot configuration variable that the X-Forwarded Headers are evaluated by the spring app. You should set it as environment variable at your tasklist container, not ingress.

Regards, Nathanael

Hi @Hemal,

Did setting the “SERVER_FORWARDHEADERSSTRATEGY=native” environment variable on your tasklist container resolve the issue? I am running trying a similar setup behind a nginx reverse proxy which makes the TLS termination and upstreams to the tasklist service. I tried setting the “SERVER_FORWARDHEADERSSTRATEGY=native” environment variable on the tasklist container but continue to get the 403 with body Invalid CORS request .

Hi @slandry , nope it didn’t resolve the issue for me. I have not proceeded from that point due to other issues. In my case, we’re deploying Camunda in an AWS Kubernetes cluster so I know the whole cluster is behind an application load balancer as well where I might need to debug into.

Hi @Hemal,

Thank you for following up. We are also using an AWS kubernetes cluster. There is network load balanacer in front of the app. I am going to try a few more things today. Its only the tasklist application experiencing the issue. I am able to use the operate app without any special configuration.