403 While Accessing Jira Via Teleport

[rojinebrahimi]

Hey!
I am using teleport to access services including Jira and Confluence via jira.teleport.example.com, for instance. Jira has been deployed with the address (The one that Jira service was configured with - before setting up Teleport):
jira.example.org

Teleport app section's configuration looks like this:

app_service:
  apps:
  - insecure_skip_verify: true
    name: jira
    public_addr: jira.teleport.example.com
    rewrite:
      headers:
      - 'Origin: https://jira.example.org'
      - 'Host: jira.example.org'
      - 'Access-Control-Allow-Origin: *'
    uri: https://jira.example.org
...

Unfortunately, I get 403 or CORS status for some Jira resources. For example, uploaded images or avatars are not shown. What are necessary headers I need to set in Teleport app_services section for it? I have already tried using CORS headers.
I have deployed Teleport on K8s taking advantage of Contour Ingress configurations in front of it.

I would be grateful if someone could help.

[webvictim]

Unfortunately this is likely to be related to settings on the Jira side, rather than Teleport. My understanding is that Jira uses its own Java-based webserver in front of the application itself, which is likely to be rewriting or changing the Access-Control-Allow-Origin headers itself.

The easiest resolution here would be to change Jira's concept of its own "public address" to jira.teleport.example.com rather than jira.example.org, then make Teleport connect to Jira using some kind of private DNS entry rather than the (presumably public) jira.example.org

There may also be ways to disable the CORS mitigation (or lower its aggressiveness) on the Jira side with some launch parameters.

[rojinebrahimi]

Thank you so much for your help.

[rojinebrahimi]

I changed proxyName configuration in Jira itself and the issue got resolved I am closing this issue.