CORS preflight requests fail if basic auth is in use on the proxy

Question

CORS preflight requests fail if basic auth is in use on the proxy

Opened this issue 3 years ago · 1 comments

I have installed the aws-es-proxy with the following runtime options:

./bin/aws-es-proxy -listen 0.0.0.0:$PORT -endpoint <endpoint> -auth -username $ESPROXY_USERNAME -password $ESPROXY_PASSWORD -realm $ESPROXY_REALM

And I am using the proxy from a client-side react app; the app and the proxy are on different domains. So for correct operation, a CORS setup is required. Prior to a search request via the proxy, the browser sends a CORS preflight OPTIONS request. This does not have a basic auth header, and according to the specifications, preflight requests are not supposed to have any credentials.

However the proxy rejects the preflight request with a 401 because it is lacking credentials. And subsequently this causes the browser to abort the the actual search request.

This can be confirmed with the following CURL requests:

Will fail with a 401

 curl -v -X OPTIONS  "https://myproxyendpoint.com/myindex/_msearch?"

Will succeed with a 200

curl -v -X OPTIONS -u myusername:mypassword "https://myproxyendpoint.com/myindex/_msearch?"

In the aws-es-proxy.go code there should probably be a check for the request method not being an OPTIONS request before authenticating the request.

Answer 1 · 2021-09-17T02:00:01.000Z

I have forked this repo and added the check for request method. And I have deployed this forked and modified repo to my proxy host. The problem with authentication errors on preflight requests has been resolved.

master...PeterCiuffetti:master

If you can provide guidance on how I should submit a patch from this diff, please advise.
Thanks
Pete Ciuffetti