Sudden Redirect

[a-b-v]

There are two applications: a frontend and a backend behind Teleport. The domains are ui.mteleport.com and back.mteleport.com.

The frontend sends a request to back.mteleport.com/adm/graph with the header Authorization: Bearer. The preflight request completes successfully, returning 200 and the Access-Control-Allow-Origin header.

However, the subsequent fetch request returns 302 to address https://mteleport.com:443/web/launch/back.mteleport.com?path=%2Fadm%2Fgraph without the Access-Control-Allow-Origin header and is blocked by the browser.

Application Configurations:

- name: "ui"
  uri: "http://ui.test"
  required_apps:
    - "back"
- name: "back"
  uri: "http://back.test"
  cors:
    allowed_origins:
      - "https://ui.mteleport.com"
    allowed_headers:
      - "Authorization"
      - "Content-Type"

Expected behavior:

The request returns 200.

Current behavior:

The request returns 302.

Bug details:

• Teleport version 17.2.1
• The browser console log:
  POST https://back.mteleport.com/adm/graph net::ERR_FAILED 302 (Found)
  Access to fetch at 'https://back.mteleport.com/adm/graph' from origin 'https://ui.mteleport.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

[avatus]

Looking at your config, and seeing that the preflight is returned successfully makes me think that you have Teleport configured correctly.

Because you're receiving a 302 to the authentication page, that means Teleport is not receiving your credentials on the fetch request. Is your frontend request configured with "credentials: include"? https://goteleport.com/docs/enroll-resources/application-access/guides/connecting-apps/#cors-support-for-preflight-requests