CORS error when accessing METABASE through kong and keycloak #13899
Comments
|
The recommendation is to use Kong version 3.8 . |
Even changing the kong version to 3.8.0 the error remains the same |
|
hi @iilr-g We’d like to assist you, but your issue involves a wide scope of background knowledge, which may require significant time for other Kong community members to fully understand and investigate. After reading your description twice, I still find it challenging to grasp the core of the problem, especially regarding aspects like Metabase, CORS, and the unlinked resources you mentioned. To help us better understand and debug the issue, could you narrow down the problem scope? For example, provide details on what you expect from Kong (e.g., output/behavior), the current behavior you're observing, and, most importantly, a minimal set of steps to reproduce the issue. And from your description, I have some question like
I dont know how kong works in this proxy chain, like
I also didnt know this error, so I seek help from gpt chat bot, I think that means we need let your backend server or Kong return right header like
I am guessing the authentication you descriped is not a single http request for kong/backserver, I think we need to figure out firstly how the request streams run and then investigate which request encounter problem. |
chobits
added
the
pending author feedback
Is there an existing issue for this?
Kong version (
$ kong version)I'm using kong:2.8.5-alpine with the OIDC plugin provided by Nokia (https://github.com/nokia/kong-oidc)
Current Behavior
My current scenario is a Service Provider (Metabase) which has to be accessed once the user has been authenticated via keycloak. The main point and particularity is that, given that the authentication by keycloak is a must to provide access to Metabase, the authentication is not passed to Metabase (I'm not using key auth plugin), so the user will be allowed to access the Metabase service and then she/he will need to provide credentials in the Metabase login page to access.
So everything is working as expected: I try to access /metabase through kong, and it redirects to keycloak. I give the credentials, then APPARENTLY I'm redirected to metabase. The point is that when the browser is trying to download some resources from metabase, it gives CORS error, and some errors through the console like:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'
Note that also I was expecting to be fully in metabase when the previous authentication with keycloak was performed, but I still see some redirects with this path:
http://keycloak-idb:9092/realms/MetabaseConnect/protocol/openid-connect/auth?scope=openid&nonce=7e666b6c4c16668db3a7a967b6570482&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fmetabase%2Fapp%2Ffonts%2FLato%2Flato-v16-latin-regular.woff2%2F&response_type=code&state=1d6b58c6971f333df8dd405f002c7f14&client_id=kong
when trying to download the resources, which is also something I don't fully understand, as once the authentication is completed kong should just let the requests flow between the browser and metabase, not involving keycloak again unless the token is expired (which is definitely not the case).
Thanks beforehand
Expected Behavior
explained before
Steps To Reproduce
Anything else?
no
The text was updated successfully, but these errors were encountered: