unconfigured CORS policy on s3 bucket causes failure

[JKDingwall]

Hi, I use this docker registry UI version 2.0.2 and I have an issue...

Bug description

I have a server which runs the docker registry and the registry UI. The registry images are stored in CEPH and accessible via another host running radosgw configured with the s3 interface. The UI is able to list / browse the images stored in the registry but requests directly to the rados gw server fail with a CORS error.

This is the error recorded in the Firefox developer console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rgw.example.com/docker/docker/registry/v2/blobs/sha256/etc/etc. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

No CORS policy was configured on the bucket:

# s3cmd info s3://docker
s3://docker/ (bucket):
   Location:  country
   Payer:     BucketOwner
   Expiration Rule: none
   Policy:    none
   CORS:      none
   ACL:       Docker Registry (Country/City): FULL_CONTROL

After applying a policy to the bucket the issue with the UI was resolved. I'm making a mention of this here in case it is a useful tip to add to documentation.

[Joxit]

Hi, thank you for using my project and submitting issues with tips 😄 I added a section in the FAQ and your name in my contribution list

[nolanholden]

EDIT:

adding storage.redirect.disable: true config to registry seems to have fixed the issue.
as described in: https://github.com/Joxit/docker-registry-ui/tree/a36e3aac57b957260c87fdb387ef0a425ac6e3ee/examples/issue-75#example-for-issue-75

---

I saw this issue using Cloudflare R2, but after setting appropriate CORS, experienced a different failure:
Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
on the follow-on request.

Presumably because the basic auth credentials are being sent to the 307 url (cloudflare), rather than being omited

Does that sound right? Do you know where this adjustment can be added?