Pi-Hole component CORS issue #296

Closed
adyanth opened this issue Sep 25, 2021 · 6 comments

adyanth commented Sep 25, 2021

Can I understand the reason behind including credentials: true in ecec695 (corrected implementation in bbe7149)?

Since Access-Control-Allow-Credentials is not set by Pi-Hole, this fails. Also, there is no need for cookies to be included, since Pi-Hole API does not need any login/auth. Please revert this change (or I can send in a PR) so that we don't impose any such restrictions.

CC: @mcclurec

adyanth commented Sep 25, 2021

Test:
image

adyanth commented Sep 25, 2021

I see that it was part of this PR #258
It would help in that case, but break other implementations :(

adyanth commented Sep 25, 2021

To people coming here running docker versions with the fix for Pi-Hole CORS (docker v2021.09 and later) and running it behind traefik, we can make use of middlewares to fix it.

    labels:
      - traefik.http.routers.pihole.middlewares=pihole-cors
      - traefik.http.middlewares.pihole-cors.headers.customresponseheaders.Access-Control-Allow-Credentials=true

adyanth closed this as completed Sep 25, 2021

mcclurec commented

@adyanth 👋 I don't get the access-control-allow-credentials on my own setup, although I'd need to dig in farther to see what's setting the header to true. I run Traefik as a reverse proxy, but haven't explicitly set the header like in your example. I'm running PiHole v5.4 and the full response payload says it's being served by lighttpd, which I know is the PiHole server backend. Let me know if you'd like to investigate this further.

Here's a copy pasta from my own Homer dashboard making the call to a PiHole on a subdomain through Authelia and Traefik

Request

    :authority: pihole.example.com # redacted
    :method: GET
    :path: /admin/api.php
    :scheme: https
    accept: */*
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    cache-control: no-cache
    cookie: authelia_session=xxxxxxx # redacted
    origin: https://example.com # redacted
    pragma: no-cache
    referer: https://example.com/ # redacted
    sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "macOS"
    sec-fetch-dest: empty
    sec-fetch-mode: cors
    sec-fetch-site: same-site
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36

Response

    access-control-allow-credentials: true
    access-control-allow-origin: https://example.com # redacted
    cache-control: no-store, no-cache, must-revalidate
    content-length: 484
    content-type: application/json
    date: Mon, 27 Sep 2021 20:49:40 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    pragma: no-cache
    server: lighttpd/1.4.53
    vary: Origin
    x-frame-options: DENY
    x-pi-hole: The Pi-hole Web interface is working!
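
The check a browser applies to these responses, as an added example that is not code from Homer, Pi-hole or anyone in this thread: it follows the Fetch standard's CORS check and assumes that `credentials: true` results in a request sent in credentials mode `include`. The function names and the two constructed header sets are illustrative; the first header set is a subset of the response pasted above.

```javascript
// Added example (not Homer or Pi-hole code): the Fetch standard's CORS check.

// Parse a DevTools-style "name: value" dump into a Map keyed by lowercased name.
// Trailing " # ..." annotations, as in the thread's redacted paste, are dropped.
function parseHeaders(dump) {
  const headers = new Map();
  for (const raw of dump.split("\n")) {
    const line = raw.replace(/\s+#\s.*$/, "").trim();
    const idx = line.indexOf(":", 1); // start at 1 to skip an HTTP/2 pseudo-header colon
    if (idx === -1) continue;
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// credentialsMode is the fetch() option: "omit", "same-origin" or "include".
function corsCheck(requestOrigin, credentialsMode, headers) {
  const allowOrigin = headers.get("access-control-allow-origin");
  const withCreds = credentialsMode === "include";
  if (allowOrigin === undefined) {
    return { ok: false, reason: "no Access-Control-Allow-Origin" };
  }
  if (!withCreds && allowOrigin === "*") return { ok: true, reason: "wildcard" };
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: "Access-Control-Allow-Origin does not match origin" };
  }
  if (!withCreds) return { ok: true, reason: "origin match" };
  // Credentialed requests additionally need the exact, case-sensitive value "true".
  if (headers.get("access-control-allow-credentials") === "true") {
    return { ok: true, reason: "origin match, credentials allowed" };
  }
  return { ok: false, reason: "Access-Control-Allow-Credentials is not true" };
}

const ORIGIN = "https://example.com";
// Response headers taken from the paste in the thread (subset).
const THREAD_RESPONSE = parseHeaders(`access-control-allow-credentials: true
access-control-allow-origin: https://example.com # redacted
content-type: application/json
vary: Origin`);
// Constructed samples: an origin echo without the credentials header, and a wildcard.
const NO_ACAC = parseHeaders("access-control-allow-origin: https://example.com");
const WILDCARD = parseHeaders("Access-Control-Allow-Origin: *\nAccess-Control-Allow-Credentials: true");

console.log("thread response, include:", corsCheck(ORIGIN, "include", THREAD_RESPONSE));
console.log("no ACAC header, include: ", corsCheck(ORIGIN, "include", NO_ACAC));
console.log("wildcard + ACAC, include:", corsCheck(ORIGIN, "include", WILDCARD));
```

The wildcard case fails even with `Access-Control-Allow-Credentials: true` present, so a proxy that adds that header only helps when the upstream echoes the exact requesting origin.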

adyanth commented Sep 28, 2021

@mcclurec I'm curious as to which version of Pi Hole you are using?

mcclurec commented

v5.4
