Configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.

Author: chenkins

backend/README.md

@@ -19,7 +19,7 @@ To use proxyman for debgging, add the following lines to `/etc/hosts`:
 ::1 proxyman.local
 ```
 Some browsers do not forward any requests to `localhost`, see [Proxyman Documentation](https://docs.proxyman.io/troubleshooting/couldnt-see-any-request-from-localhost-server) for more information.
-
+Caveat: `Proxyman` seems to modify some requests and invalidate JWT signatures. To be confirmed.
 
 
 ### Accessing Keycloak (Port 8180)

backend/src/main/resources/application.properties

@@ -11,16 +11,28 @@ hub.public-root-path=${quarkus.http.root-path}
 
 # Connection Params for Keycloak Public Client (quarkus.oidc.auth-server-url may use network-private hostname)
 # `public-url` is used in the frontend (js), `local-url` in the backend. Maybe the same URL, but does not have to be.
+
+# If using proxyman.local for use with proxyman, start keycloak separately, see docker-compose.yml
+# uncomment to use proxyman.local setup
 hub.keycloak.public-url=http://localhost:8180
 hub.keycloak.local-url=http://localhost:8180
+
+#hub.keycloak.public-url=http://proxyman.local:8180
+#hub.keycloak.local-url=http://proxyman.local:8180
+#quarkus.oidc.auth-server-url=http://proxyman.local:8180/realms/cryptomator
 hub.keycloak.realm=cryptomator
 
 hub.managed-instance=false
 
 quarkus.resteasy-reactive.path=/api
 %test.quarkus.resteasy-reactive.path=/
 
+# uncomment to use proxyman.local setup
+quarkus.http.host=proxyman.local
 quarkus.http.port=8080
+quarkus.http.access-log.enabled=true
+%dev.quarkus.log.level=INFO
+#%dev.quarkus.log.level=TRACE
 
 quarkus.oidc.application-type=service
 quarkus.oidc.client-id=cryptomatorhub
@@ -70,15 +82,15 @@ quarkus.flyway.locations=classpath:org/cryptomator/hub/flyway
 
 # Allow cross-origin requests in DEV profile
 %dev.quarkus.http.cors=true
-%dev.quarkus.http.cors.origins=http://localhost:3000,http//localhost:8080
+%dev.quarkus.http.cors.origins=http://localhost:3000,http//localhost:8080,http://proxyman.local:3000,http//proxyman.local:8080
 
 %test.quarkus.application.version=TEST_VERSION_3000
 
 # HTTP Security Headers see e.g. https://owasp.org/www-project-secure-headers/#div-bestpractices
 quarkus.http.header."Content-Security-Policy".value=default-src 'self'; connect-src 'self' api.cryptomator.org; object-src 'none'; child-src 'self'; img-src * data:; frame-ancestors 'none'
-%dev.quarkus.http.header."Content-Security-Policy".value=default-src 'self'; connect-src 'self' api.cryptomator.org localhost:8180; object-src 'none'; child-src 'self'; img-src * data:; frame-ancestors 'none'
+%dev.quarkus.http.header."Content-Security-Policy".value=default-src 'self'; connect-src 'self' api.cryptomator.org localhost:8180 proxyman.local:8180; object-src 'none'; child-src 'self'; img-src * data:; frame-ancestors 'none'
 # dev-ui needs very permissive CSP:
-# %dev.quarkus.http.header."Content-Security-Policy".value=default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src 'self' api.cryptomator.org localhost:8180;
+# %dev.quarkus.http.header."Content-Security-Policy".value=default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src 'self' api.cryptomator.org localhost:8180 proxyman.local:8180;
 quarkus.http.header."Referrer-Policy".value=no-referrer
 quarkus.http.header."Strict-Transport-Security".value=max-age=31536000; includeSubDomains
 quarkus.http.header."X-Content-Type-Options".value=nosniff