https://www.growthbook.io/ logo
#ask-questions
Title
# ask-questions
q

quick-orange-44935

02/07/2022, 3:41 PM
hello team 👋 i’m trying to get setup with self hosted growthbook on kubernetes. im running into CORS issues during
/auth/firsttime
request from growthbook web to growthbook api. i’ve set the appropriate env vars such as
APP_ORIGIN
to the backend api server and
API_HOST
to frontend service. my ingresses (traefik) are using oauth but im still getting blocked on the username / password auth form page.
f

future-teacher-7046

02/07/2022, 3:44 PM
What error are you seeing exactly? Typically if there are CORS issues, you wouldn't even be able to see the auth form at all
q

quick-orange-44935

02/07/2022, 3:45 PM
Copy code
Access to fetch at '<https://growthbook-api>.<DOMAIN>/auth/firsttime' from origin '<https://growthbook-ui>.<DOMAIN>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
f

future-teacher-7046

02/07/2022, 3:47 PM
Hmm. I don't think GrowthBook does any redirects from the API side. Is that coming from somewhere else like traefik?
q

quick-orange-44935

02/07/2022, 4:32 PM
it is possible that using traefik ingress for
growthbook-api
is hitting google oauth redirect which is being blocked by CORS for ui -> api requests
is there a recommended way to support https traffic? do the servers support https traffic over port 443?
f

future-teacher-7046

02/07/2022, 4:46 PM
Self-hosted GrowthBook does not use Google OAuth for logging in. It stores users locally within MongoDB. So there's no redirect happening at all on the GrowthBook side. As far as https, the containers themselves only support http, so you would need to do SSL termination at the proxy or load balancer level
From your error, it looks like the OPTIONS request is returning a 301 redirect (or similar). Can you see where it's trying to redirect to? That might give a clue as to where it's coming from
q

quick-orange-44935

02/07/2022, 9:52 PM
yup, this was due to traefik triggering oauth redirect
15 Views