Hello everyone, I’ve recently switched from Hydra v1 to v2 (version 2.1.2). However, I’ve started to encountered a CORS issue when making admin API calls from my frontend code. Despite having debug mode set to true, I’m not receiving any debug logs related to CORS. It’s worth noting that the same CORS configuration works perfectly fine with v1. I would greatly appreciate it if someone could assist me in identifying what might be causing this issue. Thanks in advance. Here’s my CORS configuration and the logs for the OPTIONS call to Hydra:

serve:
  admin:
    cors:
      enabled: true
      debug: true
      allowed_origins:
        - <http://127.0.0.1:8082>
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
      exposed_headers:
        - Content-Type
  public:
    cors:
      enabled: true
      debug: true
      allowed_origins:
        - <http://127.0.0.1:8082>
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
      exposed_headers:
        - Content-Type

logs

time=2023-10-10T10:24:08Z level=info msg=started handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip, deflate, br accept-language:en-GB,en-US;q=0.9,en;q=0.8 access-control-request-headers:content-type access-control-request-method:PUT connection:keep-alive origin:<http://127.0.0.1:8082> referer:<http://127.0.0.1:8082/> sec-fetch-dest:empty sec-fetch-mode:cors sec-fetch-site:same-site user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36] host:127.0.0.1:4445 method:OPTIONS path:/admin/oauth2/auth/requests/login/accept query:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true". remote:192.168.65.1:38544 scheme:http]
time=2023-10-10T10:24:09Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip, deflate, br accept-language:en-GB,en-US;q=0.9,en;q=0.8 access-control-request-headers:content-type access-control-request-method:PUT connection:keep-alive origin:<http://127.0.0.1:8082> referer:<http://127.0.0.1:8082/> sec-fetch-dest:empty sec-fetch-mode:cors sec-fetch-site:same-site user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36] host:127.0.0.1:4445 method:OPTIONS path:/admin/oauth2/auth/requests/login/accept query:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true". remote:192.168.65.1:38544 scheme:http] http_response=map[headers:map[allow:OPTIONS, PUT] size:0 status:0 text_status: took:23.40675ms]

Slack Conversation