CORS error with credentials on different domains (Access-Control-Allow-Credentials)

[noseshimself]

"Hi, my name is noses and I'm using docker-registry-ui to access registry:2."
"Hi, noses!"

Bug description

Docker's own registry server does not like the request docker-ui is sending; the log is showing (line breaks added by me)

time="2023-05-21T16:46:37.094528628Z"
level=error msg="response completed with error"
auth.user.name=user1
err.code="pagination number invalid"
err.detail=map[n:100000]
err.message="invalid number of results requested"
go.version=go1.19.9 
    [...]
http.request.uri="/v2/_catalog?n=100000"
http.response.status=400 http.response.written=120

I would translate that to "100000 -- are you drunk or what" error.

The result is leading to the fall-through message

"The Access-Control-Allow-Credentials header in the response is missing and must be set to true when the request's credentials mode is on. Origin https://my.FQDN:5000 is therefore not allowed access.

So there are two bugs.

1. n=100000 is obviously too high
2. The (fall-through default) error message is bogus.

How to Reproduce

Install Docker registry:2 and docker-registry-ui according to documentation. Test registry using login information. Try using the

Expected behavior

Good question; I never got there. I guess some list of images held by the registry should show up.

System information

• OS: Alpine (Debian[e.g. Debian 10, Windows, Android 9...]
• Registry: Image registry:2
• Docker registry UI:
  • Version: 2.4.2
  • Server: docker

- Docker version: 24.0.0
- Docker registry ui tag: latest
- OS/Arch: linux/amd64
- Tools: docker-compose

[Joxit]

Hi, thank you for using my project 😄

Please check opened issues before posting yours.

FYI:

1. The limit of 1000 has been added in docker registry 2.8.2 released 2 weeks ago, so it's totally normal if my project does not support it yet.
2. This number was added for v2/_category is short. #39 back in 2018 because (yes) some of my users have huge registries.
3. This limit is already configurable (see CATALOG_ELEMENTS_LIMIT).
4. If you need more information see Docker Registry >=2.8 sets catalog max entries to 1000 #306.

Duplicate #306

[Joxit]

Hi there! The fix has bee published! You can use the tag main or wait until I publish the next version 2.5.0 (I still have some stuff to do)

I've included some error message too for this particular use case 😉

TBH, I think the UI was right, you also miss-configured your registry server and the header Access-Control-Allow-Credentials is missing from your configuration.

I've tried the docker registry UI 2.4.1 with a docker registry 2.8.2 with credentials correctly configured and here is the result:

And If i remove the Access-Control-Allow-Credentials header from my configuration I will have your message from UI with the exact same log from the registry server saying invalid number of results requested 😄

This is a typical CORS issue, when this happens, the web interface will not process the server's response. That's why I'm displaying those messages for my users 😉

[noseshimself]

Getting the Access-Control-Allow-Credentials header right was not as easy as it seemed for my setup (nginx as reverse proxy and "small things web server" in a container connected to the outside world, registry and registry-ui in unnamed containers on separate virtual networks between nginx and those containers behind the proxy). I ended up with adding FQDNs to my DNS to win that battle.

[Joxit]

Ok, so the error message was right 🙂 I will update the title of the issue then