breezy-raincoat-82747
03/25/2022, 1:44 PM{
"audience": "application",
"error": {
"message": "EOF",
"trace": "\<http://ngithub.com/ory/oathkeeper/proxy.(*Proxy).RoundTrip\n\t/home/ory/proxy/proxy.go:94\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:288\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/reqlog.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.163-1/reqlog/middleware.go:134\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/oathkeeper/metrics.(*Middleware).ServeHTTP\n\t/home/ory/metrics/middleware.go:88\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.163-1/metricsx/middleware.go:261\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/cors@v1.6.0/cors.go:207\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2887\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1952\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1371|ngithub.com/ory/oathkeeper/proxy.(*Proxy).RoundTrip\n\t/home/ory/proxy/proxy.go:94\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:288\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/reqlog.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.163-1/reqlog/middleware.go:134\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/oathkeeper/metrics.(*Middleware).ServeHTTP\n\t/home/ory/metrics/middleware.go:88\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.163-1/metricsx/middleware.go:261\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/cors@v1.6.0/cors.go:207\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2069\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2887\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1952\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1371>"
},
"file": "/home/ory/proxy/proxy.go:97",
"func": "<http://github.com/ory/oathkeeper/proxy.(*Proxy).RoundTrip|github.com/ory/oathkeeper/proxy.(*Proxy).RoundTrip>",
"granted": false,
"http_host": "<http://api.stagedelemental.com|api.stagedelemental.com>",
"http_method": "POST",
"http_url": "<http://kratos-direct.internal:4433/self-service/registration?flow=59a8bce2-00c7-454d-b0c4-fff046dc5f73>",
"http_user_agent": "python-requests/2.25.1",
"level": "warning",
"msg": "Access request denied because roundtrip failed",
"service_name": "ORY Oathkeeper",
"service_version": "v0.38.15-beta.1",
"subject": "",
"time": "2022-03-25T13:40:41Z"
}
damp-sunset-69236
03/25/2022, 1:45 PMdamp-sunset-69236
03/25/2022, 1:45 PMbreezy-raincoat-82747
03/25/2022, 1:48 PMbreezy-raincoat-82747
03/25/2022, 1:51 PM- id: "ory:kratos:public"
upstream:
preserve_host: true
url: "<http://kratos-direct.internal.stagedapp.com:4433>"
strip_path: /.ory/kratos/public
match:
url: "<http://api.stagedapp.com/.ory/kratos/public/><**>"
methods:
- GET
- POST
- PUT
- DELETE
- PATCH
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
- id: "app:api:anonymous"
upstream:
preserve_host: true
url: "<http://api.internal.stagedapp.com>"
match:
url: "<http://api.stagedapp.com/><{healthcheck}{/,}>"
methods:
- GET
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
- id: "app:api:protected"
upstream:
preserve_host: true
url: "<http://api.internal.stagedapp.com>"
match:
url: "<http://api.stagedapp.com/><*>/api/v1/<**>"
methods:
- GET
- POST
- PUT
- DELETE
- PATCH
authenticators:
- handler: cookie_session
- handler: bearer_token
- handler: anonymous
authorizer:
handler: allow
mutators:
- handler: id_token
breezy-raincoat-82747
03/25/2022, 1:53 PMdamp-sunset-69236
03/25/2022, 2:12 PMEOF
error can happen when backend closes connection prematurelydamp-sunset-69236
03/25/2022, 2:13 PMdamp-sunset-69236
03/25/2022, 2:13 PMbreezy-raincoat-82747
03/25/2022, 2:15 PM"http_response": {
"headers": {
"cache-control": "private, no-cache, no-store, must-revalidate",
"content-type": "application/json; charset=utf-8",
"vary": "Cookie"
},
"size": 809,
"status": 200,
"text_status": "OK",
"took": 20267234453
},
"level": "info",
"msg": "completed handling request",
"time": "2022-03-25T13:40:41Z"
breezy-raincoat-82747
03/25/2022, 2:17 PMdamp-sunset-69236
03/25/2022, 2:29 PMdamp-sunset-69236
03/25/2022, 2:30 PMX-Forwarded-For
headers or with CORS settingsdamp-sunset-69236
03/25/2022, 2:46 PMoathkeeper.yml
?breezy-raincoat-82747
03/25/2022, 2:48 PMbreezy-raincoat-82747
03/25/2022, 2:48 PMbreezy-raincoat-82747
03/25/2022, 2:52 PMbreezy-raincoat-82747
03/25/2022, 2:52 PMAUTHENTICATORS_BEARER_TOKEN_CONFIG_CHECK_SESSION_URL <http://kratos.internal.stagedapp.com/sessions/whoami>
AUTHENTICATORS_COOKIE_SESSION_CONFIG_CHECK_SESSION_URL <http://kratos.internal.stagedapp.com/sessions/whoami>
ERRORS_HANDLERS_REDIRECT_CONFIG_TO <http://stagedapp.com/auth/login>
LOG_LEAK_SENSITIVE_VALUES TRUE
LOG_LEVEL trace
MUTATORS_ID_TOKEN_CONFIG_ISSUER_URL <http://api.internal.stagedapp.com>
SERVE_PROXY_CORS_ALLOW_CREDENTIALS TRUE
SERVE_PROXY_CORS_ALLOWED_HEADERS Authorization,Content-Type
SERVE_PROXY_CORS_ALLOWED_ORIGINS <https://stagedapp.com>,https://*.<http://stagedapp.com|stagedapp.com>
SERVE_PROXY_CORS_ENABLED TRUE
SERVE_PROXY_CORS_EXPOSED_HEADERS Content-Type
SERVE_PROXY_TIMEOUT_IDLE 30s
SERVE_PROXY_TIMEOUT_READ 30s
SERVE_PROXY_TIMEOUT_WRITE 30s
damp-sunset-69236
03/25/2022, 2:54 PMdamp-sunset-69236
03/25/2022, 2:55 PMSERVE_PROXY_CORS_ALLOWED_HEADERS Authorization,Content-Type
SERVE_PROXY_CORS_EXPOSED_HEADERS Content-Type
Could you try to run it without these headers?breezy-raincoat-82747
03/25/2022, 2:56 PMbreezy-raincoat-82747
03/25/2022, 2:57 PMbreezy-raincoat-82747
03/25/2022, 2:58 PMbreezy-raincoat-82747
03/25/2022, 2:58 PMLOG_LEAK_SENSITIVE_VALUES TRUE
LOG_LEVEL trace
SELFSERVICE_DEFAULT_BROWSER_RETURN_URL <https://www.stagedapp.com/>
SELFSERVICE_FLOWS_RECOVERY_AFTER_DEFAULT_BROWSER_RETURN_URL <https://www.stagedapp.com/dashboard>
SELFSERVICE_FLOWS_REGISTRATION_UI_URL <https://www.stagedapp.com/auth/registration>
SELFSERVICE_FLOWS_SETTINGS_AFTER_PASSWORD_DEFAULT_BROWSER_RETURN_URL <https://www.stagedapp.com/dashboard>
SELFSERVICE_FLOWS_SETTINGS_UI_URL <https://www.stagedapp.com/user-settings>
SELFSERVICE_FLOWS_VERIFICATION_AFTER_DEFAULT_BROWSER_RETURN_URL <https://www.stagedapp.com/dashboard>
SELFSERVICE_WHITELISTED_RETURN_URLS <https://stagedapp.com>,<https://www.stagedapp.com>,<https://api.stagedapp.com>
SERVE_PUBLIC_BASE_URL <https://api.stagedapp.com/.ory/kratos/public>
SERVE_PUBLIC_CORS_ALLOW_CREDENTIALS TRUE
SERVE_PUBLIC_CORS_ALLOWED_ORIGINS <https://www.stagedapp.com>
SERVE_PUBLIC_CORS_ENABLED FALSE
damp-sunset-69236
03/25/2022, 2:58 PMX-Forwarded-For
header from Kratos on Post request. Oathkeeper uses negroni middleware and it uses rs. Somehow it fails on POST onlydamp-sunset-69236
03/25/2022, 2:59 PMbreezy-raincoat-82747
03/25/2022, 3:00 PMbreezy-raincoat-82747
03/25/2022, 3:18 PMbreezy-raincoat-82747
03/25/2022, 3:53 PMbreezy-raincoat-82747
03/25/2022, 4:48 PMbreezy-raincoat-82747
03/25/2022, 4:49 PMbreezy-raincoat-82747
03/28/2022, 4:02 PM