CORS / EC2 -- Need Help Debugging a Login Issue


We’re dealing with a strange issue where we can log into localhost but cannot log into trackTB.com. Debugging this is our main focus for the week of March 23rd, 2025.

What We've Tried (But No Luck So Far):

  • JWT Tokens – Not getting a JWT token back when logging in. Checked EC2 instance docs but no breakthrough.
  • Security Groups – Found missing permissions, added our members, but still no access.
  • CORS – Considered disabling but want to fix the root cause, not just bypass it.
  • CURL Commands – Found that one teammate can log in via Chrome (but not other browsers), and Brian can log in using CURL.
  • Clearing Cache/Extensions – Thought it might be browser-related, but no changes.

What We Know So Far:

  • This seems to be a browser-specific issue.
  • Logs show activity when some of us log in, but not others.
  • If we use a CORS blocker, we are able to log in off any device.
  • CURL works for some, but not all.

Could it be a browser setting, cookie, or something deeper?

Has anyone encountered a similar issue or have ideas on what else we can check? Any insights would be greatly appreciated.

asked 2 months ago · 25 views
1 Answer

Based on the information provided, it appears that you're facing a complex issue that involves CORS (Cross-Origin Resource Sharing), potentially in combination with your EC2 instance configuration. Here are some insights and suggestions to help debug your login issue:

  1. CORS Configuration: The fact that using a CORS blocker allows login from any device strongly suggests that the CORS configuration on your server (EC2 instance) is not correctly set up. You should ensure that your server is sending the appropriate CORS headers, particularly the 'Access-Control-Allow-Origin' header. For your EC2 instance, you might need to configure your web server (e.g., Apache, Nginx) to send these headers.

  2. API Gateway: If you're using Amazon API Gateway in front of your EC2 instance, make sure CORS is properly configured there as well. API Gateway has specific settings for CORS that need to be correctly set.

  3. Browser Differences: The fact that one teammate can log in via Chrome but not other browsers, and that CURL works for some, indicates that this is likely a CORS issue rather than a server-side authentication problem. Browsers enforce CORS policies, while CURL does not, which explains why CURL might work when browsers fail.

  4. JWT Tokens: Not receiving a JWT token could be a symptom of the CORS issue rather than the root cause. If the preflight CORS check fails, the actual login request might not be sent at all.

  5. Security Groups: While it's good that you've addressed permissions in your security groups, this is unlikely to be the root cause of a CORS issue.

  6. Preflight Requests: For login requests, which likely use POST and include custom headers, browsers will send a preflight OPTIONS request. Ensure your server is correctly handling these OPTIONS requests and responding with the appropriate CORS headers.

  7. Specific CORS Headers: Make sure your server is sending the following headers:

    • Access-Control-Allow-Origin: Set this to your frontend domain, or '*' for testing (not recommended for production)
    • Access-Control-Allow-Methods: Include the methods you need (e.g., 'GET, POST, OPTIONS')
    • Access-Control-Allow-Headers: Include any custom headers your requests use
    • Access-Control-Allow-Credentials: Set to 'true' if you're using credentials

  8. Debugging Tools: Use browser developer tools, particularly the Network tab, to inspect the requests and responses. Look for CORS-related errors in the Console tab.

  9. Server Logs: Analyze your EC2 instance logs to see if the preflight OPTIONS requests are reaching the server and how they're being handled.

Remember, while disabling CORS might seem like a quick fix, it's crucial for security to properly implement CORS rather than bypassing it. Continue focusing on correctly configuring CORS on your server and any intermediate services like API Gateway.
Sources
Cross-origin resource sharing support and Amazon EC2 - Amazon Elastic Compute Cloud
CORS Access-Control-Allow-Origin Header missing - Api Gateway HTTP / EC2 | AWS re:Post

answered 2 months ago
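The answer above lists the headers a server has to return on the preflight OPTIONS request and on the real login request. The following is an added example (not code from this thread, from AWS, or from the trackTB.com project) of the decision logic behind those headers, written as a plain Python function you could drop into a WSGI middleware or port to an Nginx/Apache config. It assumes the frontend is served from https://tracktb.com and the API is on a different origin; the function names, the development origin and the allowed-header list are constructed for illustration. It also includes a browser-side check that shows why a login that fails CORS yields "no JWT" even when the server did issue one: the token reaches the browser, but the page is never allowed to read the response.

```python
"""Origin allow-list and preflight handling for a cross-origin login API.

Added example; not code from the re:Post thread, from AWS, or from the
trackTB.com project. Assumes the frontend is served from https://tracktb.com
and the login API lives on a different origin. Function names, the dev
origin and the header lists are constructed for illustration.
"""
from typing import Dict, Mapping, Optional, Tuple

# Exact origins permitted to call the API. No wildcard: a browser refuses
# "*" on any request made with credentials (cookies or an Authorization header).
ALLOWED_ORIGINS = {
    "https://tracktb.com",
    "https://www.tracktb.com",
    "http://localhost:3000",  # constructed development origin
}
ALLOWED_METHODS = ("GET", "POST", "OPTIONS")
ALLOWED_HEADERS = ("content-type", "authorization")


def origin_allowed(origin: Optional[str]) -> bool:
    """Exact, case-insensitive match against the allow-list (no prefix or regex matching)."""
    return origin is not None and origin.lower() in ALLOWED_ORIGINS


def cors_headers(method: str, request: Mapping[str, str]) -> Tuple[int, Dict[str, str]]:
    """Decide the CORS part of a response.

    `request` holds the request headers with lowercase names. Returns
    (status, headers_to_add). A 403 with no CORS headers is what makes the
    browser block the call; curl ignores the outcome either way, which is
    why curl can "log in" while every browser fails.
    """
    origin = request.get("origin")
    if origin is None:
        # Same-origin page or a non-browser client such as curl: nothing to add.
        return 200, {}
    if not origin_allowed(origin):
        return 403, {}

    granted = {
        "Access-Control-Allow-Origin": origin,       # echo the one allowed origin
        "Access-Control-Allow-Credentials": "true",  # needed for cookies / auth headers
        "Vary": "Origin",                            # keep caches from reusing one origin's grant
    }

    is_preflight = method.upper() == "OPTIONS" and "access-control-request-method" in request
    if not is_preflight:
        return 200, granted

    wanted_method = request["access-control-request-method"].upper()
    wanted_headers = [
        h.strip().lower()
        for h in request.get("access-control-request-headers", "").split(",")
        if h.strip()
    ]
    if wanted_method not in ALLOWED_METHODS or any(h not in ALLOWED_HEADERS for h in wanted_headers):
        return 403, {}

    granted.update({
        "Access-Control-Allow-Methods": ", ".join(ALLOWED_METHODS),
        "Access-Control-Allow-Headers": ", ".join(ALLOWED_HEADERS),
        "Access-Control-Max-Age": "600",  # seconds the browser may cache this preflight
    })
    return 204, granted


def browser_accepts(response: Mapping[str, str], page_origin: str, with_credentials: bool) -> bool:
    """Mirror the browser-side check that decides whether page JS ever sees the response.

    When this returns False the login response (and any JWT in it) is
    withheld from the page, which looks exactly like "no token came back".
    """
    allow_origin = response.get("Access-Control-Allow-Origin")
    if allow_origin is None:
        return False
    if with_credentials:
        # With credentials the origin must be echoed exactly and credentials allowed.
        return (allow_origin == page_origin
                and response.get("Access-Control-Allow-Credentials") == "true")
    return allow_origin in ("*", page_origin)


if __name__ == "__main__":
    # Constructed preflight, as a browser sends it before a cross-origin POST /login.
    preflight = {
        "origin": "https://tracktb.com",
        "access-control-request-method": "POST",
        "access-control-request-headers": "Content-Type",
    }
    status, hdrs = cors_headers("OPTIONS", preflight)
    print(status, hdrs)
    print("page may read the response:", browser_accepts(hdrs, "https://tracktb.com", True))
```

To check the live server rather than this model, the same preflight can be sent by hand: `curl -i -X OPTIONS -H 'Origin: https://tracktb.com' -H 'Access-Control-Request-Method: POST' https://API_HOST/login` (API_HOST is a placeholder for your API origin). If the reply lacks the Access-Control-Allow-* headers, the server or whatever sits in front of it (load balancer, API Gateway) is dropping them, and that matches the symptom that a CORS-blocking extension makes login work from any device.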
