405 status code for ajax calls on admin endpoint

1. Caddy version (caddy version): 2.4.6

2. How I run Caddy:

docker with Caddy file

a. System environment: Docker

b. Command:

docker run  -p 80:80 -p 443:443 -p 2019:2019 -v $PWD/Caddyfile:/etc/caddy/Caddyfile -v caddy_data:/data caddy

d. My complete Caddyfile or JSON config:

{
    debug
    admin 0.0.0.0:2019 {
        enforce_origin
        origins localhost:3001
    }
}

test.localhost {
    reverse_proxy http://localhost:2019 {
        header_down Access-Control-Allow-Origin *
        header_down Access-Control-Allow-Methods: OPTIONS,DELETE,GET,HEAD,POST
        header_down Access-Control-Allow-Headers: Content-Type,Access-Control-Allow-Headers
        header_down Access-Control-Allow-Credentials true
    }

    tls internal
}

3. The problem I’m having:

When I try to make API calls such as POST, PATCH or PUT from the FE application, the admin endpoint refuses the OPTIONS headers.

fetch("https://test.localhost/config/apps/http/servers/srv0/routes/", {
  "headers": {
    "accept": "application/json",
    "content-type": "application/json",
    "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"macOS\""
  },
  "referrer": "http://localhost:3001/",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "{\"handle\":[{\"handler\":\"subroute\",\"routes\":[{\"handle\":[{\"handler\":\"subroute\",\"routes\":[{\"handle\":[{\"handler\":\"rewrite\",\"strip_path_prefix\":\"/apps/shop4data\"}]},{\"handle\":[{\"handler\":\"rewrite\",\"strip_path_prefix\":\"/apps/shop4data\"},{\"handler\":\"reverse_proxy\",\"upstreams\":[{\"dial\":\"docker.internal.host:3000\"}]}]}]}],\"match\":[{\"path\":[\"/apps/shop4data/*\"]}]},{\"handle\":[{\"handler\":\"reverse_proxy\",\"headers\":{\"request\":{\"set\":{\"Host\":[\"{http.reverse_proxy.upstream.hostportt}\"],\"X-Forwarded-Host\":[\"{http.request.host}\"]}}},\"transport\":{\"protocol\":\"http\",\"tls\":{}},\"upstreams\":[{\"dial\":\"random.com:443\"}]}],\"match\":[{\"path\":[\"/*\"]}]}]}],\"match\":[{\"host\":[\"test.random.dev}\"]}],\"terminal\":true}",
  "method": "POST",
  "mode": "cors",
  "credentials": "omit"
});

4. Error messages and/or full log output:

In the console I get:

Access to XMLHttpRequest at 'https://test.localhost/config/apps/http/servers/srv0/routes/' from origin 'http://localhost:3001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The logs in Caddy:

{"level":"info","ts":1639562031.628672,"logger":"admin.api","msg":"received request","method":"GET","host":"test.localhost","uri":"/config/","remote_addr":"127.0.0.1:35710","headers":{"Accept":["application/json"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8,ro;q=0.7"],"Origin":["http://localhost:3001"],"Referer":["http://localhost:3001/"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["cross-site"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"X-Forwarded-For":["172.17.0.1"],"X-Forwarded-Proto":["https"]}}
{"level":"debug","ts":1639562031.6290805,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:2019","duration":0.001469187,"request":{"remote_addr":"172.17.0.1:65396","proto":"HTTP/2.0","method":"GET","host":"test.localhost","uri":"/config/","headers":{"Sec-Fetch-Dest":["empty"],"X-Forwarded-For":["172.17.0.1"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Site":["cross-site"],"Referer":["http://localhost:3001/"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8,ro;q=0.7"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"Sec-Fetch-Mode":["cors"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Mobile":["?0"],"Origin":["http://localhost:3001"],"Accept":["application/json"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test.localhost"}},"headers":{"Content-Type":["application/json"],"Date":["Wed, 15 Dec 2021 09:53:51 GMT"]},"status":200}
{"level":"info","ts":1639562036.004935,"logger":"admin.api","msg":"received request","method":"OPTIONS","host":"test.localhost","uri":"/config/apps/http/servers/srv0/routes/","remote_addr":"127.0.0.1:35710","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8,ro;q=0.7"],"Access-Control-Request-Headers":["content-type"],"Access-Control-Request-Method":["POST"],"Origin":["http://localhost:3001"],"Referer":["http://localhost:3001/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["cross-site"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"X-Forwarded-For":["172.17.0.1"],"X-Forwarded-Proto":["https"]}}
{"level":"error","ts":1639562036.0050411,"logger":"admin.api","msg":"request error","error":"method OPTIONS not allowed","status_code":405}
{"level":"debug","ts":1639562036.0052817,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:2019","duration":0.000479602,"request":{"remote_addr":"172.17.0.1:65396","proto":"HTTP/2.0","method":"OPTIONS","host":"test.localhost","uri":"/config/apps/http/servers/srv0/routes/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"Sec-Fetch-Dest":["empty"],"Origin":["http://localhost:3001"],"Sec-Fetch-Mode":["cors"],"X-Forwarded-For":["172.17.0.1"],"Accept":["*/*"],"Access-Control-Request-Headers":["content-type"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Proto":["https"],"Access-Control-Request-Method":["POST"],"Sec-Fetch-Site":["cross-site"],"Referer":["http://localhost:3001/"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8,ro;q=0.7"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test.localhost"}},"headers":{"Content-Type":["application/json"],"Date":["Wed, 15 Dec 2021 09:53:56 GMT"],"Content-Length":["39"]},"status":405}
{"level":"debug","ts":1639562036.0054138,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
{"level":"info","ts":1639562036.0141861,"logger":"admin.api","msg":"received request","method":"GET","host":"test.localhost","uri":"/config/","remote_addr":"127.0.0.1:35712","headers":{"Accept":["application/json"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8,ro;q=0.7"],"Origin":["http://localhost:3001"],"Referer":["http://localhost:3001/"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["cross-site"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"X-Forwarded-For":["172.17.0.1"],"X-Forwarded-Proto":["https"]}}
{"level":"debug","ts":1639562036.0146022,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:2019","duration":0.001053706,"request":{"remote_addr":"172.17.0.1:65396","proto":"HTTP/2.0","method":"GET","host":"test.localhost","uri":"/config/","headers":{"Referer":["http://localhost:3001/"],"X-Forwarded-For":["172.17.0.1"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Dest":["empty"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"Sec-Fetch-Mode":["cors"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["cross-site"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8,ro;q=0.7"],"Accept":["application/json"],"Sec-Ch-Ua-Mobile":["?0"],"Origin":["http://localhost:3001"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test.localhost"}},"headers":{"Content-Type":["application/json"],"Date":["Wed, 15 Dec 2021 09:53:56 GMT"]},"status":200}

5. What I already tried:

I already tried adding enforce_origin and origins localhost:3001 to the admin config. I also tried disabling those options. I tried using handle_response in the reverse proxy to respond with 200 to the 405 status code.

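Added example, not part of the original post and not Caddy's or any browser's own code: a simplified JavaScript model of the CORS preflight check defined in the Fetch standard, run against the 405 upstream response recorded in the log above and against two constructed responses. The function name `checkPreflight` and the response objects are illustrative assumptions.

```javascript
// Simplified model of the Fetch-standard CORS preflight check (added example).
// Response header names are expected in lower case.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
const list = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

function checkPreflight(req, res) {
  const h = res.headers;
  const withCreds = req.credentials === 'include';
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) return 'no Access-Control-Allow-Origin header';
  // "*" is only honoured when the request carries no credentials.
  if (!(allowOrigin === '*' && !withCreds)) {
    if (allowOrigin !== req.origin) return 'origin not allowed';
    if (withCreds && h['access-control-allow-credentials'] !== 'true') {
      return 'credentials not allowed';
    }
  }
  // The preflight response itself must be 2xx; headers alone are not enough.
  if (res.status < 200 || res.status > 299) {
    return `preflight status ${res.status} is not 2xx`;
  }
  const methods = list(h['access-control-allow-methods']);
  const methodOk = SAFELISTED_METHODS.includes(req.method) ||
    methods.includes(req.method) || (!withCreds && methods.includes('*'));
  if (!methodOk) return `method ${req.method} not allowed`;
  const allowed = list(h['access-control-allow-headers']).map((s) => s.toLowerCase());
  const wildcard = !withCreds && allowed.includes('*');
  for (const name of req.headers) { // non-safelisted request header names
    if (!wildcard && !allowed.includes(name.toLowerCase())) return `header ${name} not allowed`;
  }
  return 'ok';
}

// The request from the post: JSON POST from the front end, credentials omitted.
const request = { origin: 'http://localhost:3001', method: 'POST',
  headers: ['content-type'], credentials: 'omit' };
// Upstream response as recorded in the post's reverse_proxy debug log (status 405).
const logged = { status: 405,
  headers: { 'content-type': 'application/json', 'content-length': '39' } };
// Constructed: the same 405 carrying the values the header_down lines aim to add.
const rewritten405 = { status: 405, headers: { ...logged.headers,
  'access-control-allow-origin': '*',
  'access-control-allow-methods': 'OPTIONS,DELETE,GET,HEAD,POST',
  'access-control-allow-headers': 'Content-Type,Access-Control-Allow-Headers' } };
// Constructed: a 204 preflight answer that names the single front-end origin.
const answered = { status: 204, headers: {
  'access-control-allow-origin': 'http://localhost:3001',
  'access-control-allow-methods': 'POST',
  'access-control-allow-headers': 'content-type' } };

for (const r of [logged, rewritten405, answered]) console.log(checkPreflight(request, r));
```

The second case shows that a 405 preflight response still fails the check once the CORS headers are present, because the status must be 2xx.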