1
0
forked from baron/baron-sso

fix(infra): resolve CORS error and Nginx 502 Bad Gateway

- Update Hydra and Kratos CORS config to specify allowed origins explicitly instead of using wildcard with allow_credentials: true
- Fix Nginx upstream resolution for Oathkeeper to use correct container hostname (ory_oathkeeper)
This commit is contained in:
2026-04-24 11:59:49 +09:00
parent cfba44cec2
commit 8e28a9d74b
4 changed files with 29 additions and 4 deletions

View File

@@ -7,7 +7,15 @@ serve:
cors: cors:
enabled: true enabled: true
allowed_origins: allowed_origins:
- "*" - http://localhost:5173
- http://localhost:5174
- http://localhost:5175
- http://localhost:5000
- https://ssologin.hmac.kr
- https://sso-test.hmac.kr
- https://app.brsw.kr
- https://sss.hmac.kr
- https://sso.hmac.kr
allowed_methods: allowed_methods:
- POST - POST
- GET - GET
@@ -37,7 +45,15 @@ serve:
cors: cors:
enabled: true enabled: true
allowed_origins: allowed_origins:
- "*" - http://localhost:5173
- http://localhost:5174
- http://localhost:5175
- http://localhost:5000
- https://ssologin.hmac.kr
- https://sso-test.hmac.kr
- https://app.brsw.kr
- https://sss.hmac.kr
- https://sso.hmac.kr
allowed_methods: allowed_methods:
- POST - POST
- GET - GET

View File

@@ -8,8 +8,17 @@ serve:
cors: cors:
enabled: true enabled: true
allowed_origins: allowed_origins:
- http://localhost:5173
- http://localhost:5174
- http://localhost:5175
- http://localhost:5000
- http://backend:3000 - http://backend:3000
- http://baron_backend:3000 - http://baron_backend:3000
- https://ssologin.hmac.kr
- https://sso-test.hmac.kr
- https://app.brsw.kr
- https://sss.hmac.kr
- https://sso.hmac.kr
admin: admin:
base_url: http://localhost:4434/ base_url: http://localhost:4434/

View File

@@ -31,7 +31,7 @@ server {
resolver 127.0.0.11 valid=10s ipv6=off; resolver 127.0.0.11 valid=10s ipv6=off;
set $backend_upstream http://baron_backend:3000; set $backend_upstream http://baron_backend:3000;
set $userfront_upstream http://baron_userfront:5000; set $userfront_upstream http://baron_userfront:5000;
set $oathkeeper_upstream http://oathkeeper:4455; set $oathkeeper_upstream http://ory_oathkeeper:4455;
error_log /dev/stderr warn; error_log /dev/stderr warn;
access_log /var/log/nginx/access.log json_combined; access_log /var/log/nginx/access.log json_combined;