nucleo000/plantillaNuxtAuthentikProxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CORS error for PWA manifest by splitting Traefik routing
All checks were successful
build-and-deploy / build (push) Successful in 7s
Details
build-and-deploy / deploy (push) Successful in 2s
Details

Browse Source 
Split routing into two routers with different priorities:
- Public router (priority 100) handles PWA resources without authentication
- Protected router (priority 10) handles application routes with Authentik

Add CORS middleware for public PWA resources to allow cross-origin access
to manifest.webmanifest, service worker, and icons.

Fixes intermittent ERR_FAILED 302 and CORS errors when loading PWA manifest
from authenticated sessions.
This commit is contained in:
josedario87
2025-10-13 01:16:56 -06:00
parent ea94393fc7
commit 5646a84be1
1 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docker-compose.yml
View File

@@ -20,20 +20,34 @@ services:
- "traefik.enable=true"
- "traefik.docker.network=traefik-network"
# HTTP Router
# Service (shared by both routers)
- "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
# Router 1: Public PWA resources (no auth) - Higher priority
- "traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`))"
- "traefik.http.routers.${APP_NAME}-public.entrypoints=websecure"
- "traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt"
- "traefik.http.routers.${APP_NAME}-public.priority=100"
- "traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}"
- "traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers,${APP_NAME}-cors"
# Router 2: Protected application (with auth) - Normal priority
- "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)"
- "traefik.http.routers.${APP_NAME}.entrypoints=websecure"
- "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
# Service
- "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
# Middleware chain: Authentik Forward Auth + Headers
- "traefik.http.routers.${APP_NAME}.priority=10"
- "traefik.http.routers.${APP_NAME}.service=${APP_NAME}"
- "traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers"
# Custom headers middleware
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
# CORS middleware for public resources
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolalloworiginlist=https://${APP_DOMAIN}"
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.${APP_NAME}-cors.headers.addvaryheader=true"
networks:
principal:
external: true