fix order of middleware to fix cors issues.

typerefinery-ai · Jul 17, 2024 · d012d10 · d012d10
1 parent e57c80d
commit d012d10
Showing 1 changed file with 53 additions and 24 deletions.
diff --git a/services/_traefik/config/dynamic/dynamic.yml b/services/_traefik/config/dynamic/dynamic.yml
@@ -9,8 +9,8 @@ http:
       entrypoints:
         - web
       middlewares:
-      #   - error-pages
         - serviceheaders
+        - error-pages
     flow-https:
       rule: Host(`flow.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/flow`) ) || Host(`flow.localhost`)
@@ -19,8 +19,8 @@ http:
         - websecure
       tls: true
       middlewares:
-      #   # - error-pages
         - serviceheaders
+        - error-pages
 
     fastapi:
       rule: Host(`api.typerefinery.localhost`)
@@ -30,6 +30,7 @@ http:
         - web
       middlewares:
         - serviceheaders
+        - error-pages
     fastapi-https:
       rule: Host(`api.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/api`) ) || Host(`api.localhost`)
@@ -39,6 +40,7 @@ http:
       tls: true
       middlewares:
         - serviceheaders
+        - error-pages
 
     openobserve:
       rule: Host(`openobserve.typerefinery.localhost`)
@@ -48,6 +50,7 @@ http:
         - web
       middlewares:
         - serviceheaders
+        - error-pages
 
     openobserve-https:
       rule: Host(`openobserve.typerefinery.localhost`)
@@ -58,6 +61,7 @@ http:
       tls: true
       middlewares:
         - serviceheaders
+        - error-pages
 
     openobserve-grpc:
       rule: Host(`openobserve-grpc.typerefinery.localhost`)
@@ -67,7 +71,7 @@ http:
         - web
       middlewares:
         - serviceheaders
-
+        - error-pages
     openobserve-grpc-https:
       rule: Host(`openobserve-grpc.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/api`) ) || Host(`api.localhost`)
@@ -77,6 +81,7 @@ http:
       tls: true
       middlewares:
         - serviceheaders
+        - error-pages
 
     keycloak:
       rule: Host(`auth.typerefinery.localhost`)
@@ -85,8 +90,8 @@ http:
       entrypoints:
         - web
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
     keycloak-https:
       rule: Host(`auth.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/api`) ) || Host(`api.localhost`)
@@ -95,8 +100,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
 
     keycloakadmin:
       rule: Host(`keycloak.typerefinery.localhost`)
@@ -105,8 +110,8 @@ http:
       entrypoints:
         - web
       middlewares:
-        - error-pages
         - keycloakadminserviceheaders
+        - error-pages
     keycloakadmin-https:
       rule: Host(`keycloak.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/api`) ) || Host(`api.localhost`)
@@ -115,8 +120,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - keycloakadminserviceheaders
+        - error-pages
 
     files:
       rule: Host(`files.typerefinery.localhost`)
@@ -125,8 +130,8 @@ http:
       entrypoints:
         - web
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
     files-https:
       rule: Host(`files.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/files`) ) || Host(`files.localhost`)
@@ -135,8 +140,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
 
     postgreadmin:
       rule: Host(`pgadmin.typerefinery.localhost`)
@@ -145,8 +150,8 @@ http:
       entrypoints:
         - web
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
     postgreadmin-https:
       rule: Host(`pgadmin.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/pgadmin`) ) || Host(`pgadmin.localhost`)
@@ -155,8 +160,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
 
     bpmn:
       rule: Host(`bpmn.typerefinery.localhost`)
@@ -165,8 +170,8 @@ http:
       entrypoints:
         - web
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
     bpmn-https:
       rule: Host(`bpmn.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/bpmn`) ) || Host(`bpmn.localhost`)
@@ -175,8 +180,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
 
     nginx:
       rule: Host(`nginx.typerefinery.localhost`)
@@ -186,6 +191,7 @@ http:
         - web
       middlewares:
         - serviceheaders
+        - error-pages
     nginx-https:
       rule: Host(`nginx.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/nginx`) ) || Host(`nginx.localhost`)
@@ -194,8 +200,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
 
 
     tms:
@@ -204,13 +210,19 @@ http:
       service: tms
       entrypoints:
         - web
+      middlewares:
+        - serviceheaders
+        - error-pages
     tmshttps:
       rule: Host(`tms.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/tms`) ) || Host(`tms.localhost`)
       service: tms
       entrypoints:
         - websecure
       tls: true
+      middlewares:
+        - serviceheaders
+        - error-pages
 
     jupyterlab:
       rule: Host(`jupyterlab.typerefinery.localhost`)
@@ -219,8 +231,8 @@ http:
       entrypoints:
         - web
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
     jupyterlab-https:
       rule: Host(`jupyterlab.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/nginx`) ) || Host(`nginx.localhost`)
@@ -229,8 +241,8 @@ http:
         - websecure
       tls: true
       middlewares:
-        - error-pages
         - serviceheaders
+        - error-pages
 
     widgetdev:
       rule: Host(`widgetdev.typerefinery.localhost`)
@@ -239,8 +251,8 @@ http:
       entrypoints:
         - web
       middlewares:
-      #   - error-pages
         - serviceheaders
+        - error-pages
     widgetdev-https:
       rule: Host(`widgetdev.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/flow`) ) || Host(`flow.localhost`)
@@ -249,8 +261,8 @@ http:
         - websecure
       tls: true
       middlewares:
-      #   # - error-pages
         - serviceheaders
+        - error-pages
 
 
     traefikdashboard:
@@ -309,8 +321,8 @@ http:
       middlewares:
         # - stripprefix-cms
         # - replacepath-cms
-        - error-pages
         - serviceheaders
+        - error-pages
     cms-https:
       rule: Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) || Host(`cms.typerefinery.localhost`)
       # rule: ( Host(`{{ env "TRAEFIK_HOST_DOMAIN" }}`) && PathPrefix(`/cms`) ) || Host(`cms.localhost`)
@@ -322,8 +334,8 @@ http:
       middlewares:
         # - stripprefix-cms
         # - replacepath-cms
-        - error-pages
         - serviceheaders
+        - error-pages
 
   middlewares:
     default:
@@ -350,12 +362,24 @@ http:
     # cors
     serviceheaders:
       headers:
-        accesscontrolalloworiginlist: "https://cms.typerefinery.localhost:8101, https://flow.typerefinery.localhost:8101, https://api.typerefinery.localhost:8101, http://cms.typerefinery.localhost:8101, http://flow.typerefinery.localhost:8101, http://openobserve.typerefinery.localhost:8101"
-        accesscontrolallowmethods: "GET, POST, PUT, DELETE, OPTIONS"
+        accessControlAllowCredentials: true
+        # accesscontrolalloworigin: "*"
+        accesscontrolalloworiginlist: "*"
+        # accesscontrolalloworiginlist: "https://cms.typerefinery.localhost:8101, https://flow.typerefinery.localhost:8101, https://api.typerefinery.localhost:8101, http://cms.typerefinery.localhost:8101, http://flow.typerefinery.localhost:8101, http://openobserve.typerefinery.localhost:8101"
+        accesscontrolallowmethods: "*"
         accesscontrolallowheaders: "*"
+        accessControlExposeHeaders: "*"
+        accesscontrolmaxage: 100
         addvaryheader: true
-        contentsecuritypolicy: ";"
-        # customResponseHeaders:
+        # contentsecuritypolicy: "default-src 'self' https://flow.typerefinery.localhost:8101/ ; img-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self';"
+        # contentsecuritypolicy: "default-src 'self' *.typerefinery.localhost; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; font-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self';"
+        contentsecuritypolicy: "default-src 'self' https://*.typerefinery.localhost:8101 http://localhost:* https://raw.githubusercontent.com https://*.github.io; frame-src 'self' https://*.typerefinery.localhost:8101 https://*.github.io;  img-src 'self' * data: ; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.typerefinery.localhost:8101 wss://tms.typerefinery.localhost:8101; "
+        # contentsecuritypolicy: ";"
+        customRequestHeaders:
+          Access-Control-Allow-Origin: "*"
+        customResponseHeaders:
+          Access-Control-Allow-Origin: "*"
+
         #     Content-Security-Policy-Report-Only: >-
         #       connect-src self;
         #       default-src none;
@@ -364,6 +388,11 @@ http:
         #       script-src self;
         #       style-src self inline-unsafe;
 
+    # scp
+    servicescp:
+      headers:
+        contentsecuritypolicy: "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self';"
+
     keycloakadminserviceheaders:
       headers:
         accesscontrolalloworiginlist: "https://keycloak.typerefinery.localhost, https://auth.typerefinery.localhost"