Hi Denes, Thanks a lot for checking the issue! Your workaround fixes the problem.
Best regards, Elemir From: Denes Arvay <de...@cloudera.com> Reply-To: "users@nifi.apache.org" <users@nifi.apache.org> Date: Friday, 22 February 2019 at 10:02 pm To: "users@nifi.apache.org" <users@nifi.apache.org> Subject: Re: Invalid CORS request error on NiFi v1.8.0 and 1.9.0 behind nginx Hi Elemir, As a workaround you can try to overwrite the Origin header in the request to the value which is expected by NiFi, in your case it should be https://localhost. (i.e. add proxy_set_header Origin https://localhost; to your nginx config). I hope this helps, Denes On Fri, Feb 22, 2019 at 11:00 AM Denes Arvay <de...@apache.org<mailto:de...@apache.org>> wrote: Hi Elemir, I was able to reproduce your issue with a simple nginx-NiFi setup, both running on localhost. My guess is that the cause is that POST is missing from allowed methods list from the /process-groups/*/templates/upload path [1]. The commit which introduced this change explicitly states that POSTs need to come from the same origin but I don't know the reason behind this decision. I'll file a Jira ticket to discuss the issue there (or on the dev@ list). I'm not sure if there is any workaround for this. Best, Denes [1] https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java#L125 On Fri, Feb 22, 2019 at 7:06 AM Elemir Stevko <elemir.ste...@versent.com.au<mailto:elemir.ste...@versent.com.au>> wrote: Hello, I have been running a single instance of NiFi server v1.7.1 on AWS behind ALB and nginx: ALB -> nginx -> NiFi The configuration has been working fine, but since NiFi v1.8.0, I get Invalid CORS request error when I try uploading a template file. Is there anything I need to change in the proxy configuration as compared to NiFi v1.7.1? Here are more details on the NiFi configuration: - ALB terminates the HTTPS connection and opens a new HTTPS connection to nginx which then proxies the request to NiFi server. - NiFi server is configured with OIDC authentication. Neither ALB nor nginx authenticate the clients, they just proxy the requests to NiFi. - nginx is configured similarly to Koji's repo ijokarumawak/nifi-reverseproxy (nginx/standalone-plain-http/nginx.conf): server_names_hash_bucket_size 128; upstream localhost { server localhost:9443; } server { listen 443 ssl; server_name _; ssl_certificate /usr/local/etc/ssl/public.pem; ssl_certificate_key /usr/local/etc/ssl/private.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; proxy_ssl_trusted_certificate /opt/nifi/cert/nifi-cert.pem; access_log /var/log/nginx/nifi.access.log combined; location / { proxy_pass https://localhost; proxy_set_header X-ProxyScheme https; proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 443; proxy_set_header X-ProxyContextPath /; } } Best regards, Elemir
