Error "Failed to fetch / CORS" in VNA UI due to HSTS browser policy

Article ID: 434267

Products

Network Observability Virtual Network Assurance

Issue/Introduction

We have a fresh install of VNA.

Regardless of which action I choose from the UI, I receive the following error:

"Failed to fetch. Possible Reasons: CORS, Network Failure, URL scheme must be 'http' or 'https' for CORS request"

Environment

Any supported VNA release running over HTTP

Cause

 

  • Regardless of the action chosen in the VNA UI, the "Failed to fetch" error appears.

  • Browser developer tools (HAR file) show a 307 Internal Redirect to HTTPS.

  • Subsequent HTTPS requests fail with net::ERR_SSL_PROTOCOL_ERROR.

  • Backend API calls via curl using HTTP work successfully.

 

Resolution

 

  1. VERIFY BACKEND CONNECTIVITY: Execute a curl command from the command line to confirm the VNA API is responding correctly over HTTP.

    Command: curl -u admin:admin -vvv -H 'accept: application/json' 'http://[hostname]:8080/vna/rest/v1/admin/plugins'

    EXPECTED: The server returns an HTTP 200 OK response with a JSON list of installed plugins.

  2. CLEAR BROWSER HSTS CACHE (SHORT-TERM FIX): Clear the browser's security cache to prevent the automatic redirect from HTTP to HTTPS.

    • Option A: Access the VNA UI using Incognito or Private Browsing mode.

    • Option B: Clear the browser cache and restart the browser.

    • Option C: Manually delete the HSTS setting for the specific [hostname] in browser settings (e.g., chrome://net-internals/#hsts).

    EXPECTED: The browser allows the connection to remain on HTTP without forcing a redirect.

  3. CONFIGURE SSL FOR VNA (LONG-TERM FIX): If the corporate environment requires strict HTTPS, configure VNA with a valid SSL certificate.

    • Install a valid SSL certificate in the WildFly configuration.

    • Access the VNA UI using the secure HTTPS port instead of 8080.

    EXPECTED: The UI and background API calls align on the HTTPS protocol, satisfying the browser security policy.

 

Additional Information

The browser has a cached HSTS (HTTP Strict Transport Security) policy for the domain. When the UI makes background API calls over HTTP to port 8080, the browser intercepts them and upgrades them to HTTPS, which shows up in developer tools as a 307 Internal Redirect. Since port 8080 is configured for plain HTTP, the SSL handshake fails with net::ERR_SSL_PROTOCOL_ERROR.

This is a client-side browser security enforcement, not a server-side VNA failure.
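
To confirm this pattern in a saved HAR file, the following added example (not part of the original article or the product) pairs each browser-generated HTTP-to-HTTPS 307 with the TLS error recorded for the upgraded URL. It assumes a Chrome-exported HAR, where internal HSTS redirects carry a Non-Authoritative-Reason: HSTS header and failed requests carry an _error field; the function name and the host vna.example.test are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample HAR, trimmed to the fields used; vna.example.test is a placeholder host.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "http://vna.example.test:8080/vna/rest/v1/admin/plugins"},
     "response": {"status": 307, "statusText": "Internal Redirect",
                  "redirectURL": "https://vna.example.test:8080/vna/rest/v1/admin/plugins",
                  "headers": [{"name": "Non-Authoritative-Reason", "value": "HSTS"}]}},
    {"request": {"url": "https://vna.example.test:8080/vna/rest/v1/admin/plugins"},
     "response": {"status": 0, "statusText": "", "redirectURL": "", "headers": [],
                  "_error": "net::ERR_SSL_PROTOCOL_ERROR"}},
]}})

def find_hsts_upgrades(har_text):
    """Return one finding per HTTP request that the browser upgraded because of HSTS."""
    entries = json.loads(har_text)["log"]["entries"]
    # Index failed requests by URL so each upgrade can be paired with its outcome.
    errors = {e["request"]["url"]: e["response"].get("_error", "")
              for e in entries if e["response"].get("status") == 0}
    findings = []
    for e in entries:
        req_url, resp = e["request"]["url"], e["response"]
        headers = {h["name"].lower(): h["value"] for h in resp.get("headers", [])}
        target = resp.get("redirectURL") or headers.get("location", "")
        # Only a 307 that moves an http:// URL to https:// is of interest.
        if resp.get("status") != 307 or urlsplit(req_url).scheme != "http":
            continue
        if urlsplit(target).scheme != "https":
            continue
        # A server-sent redirect has neither marker; the browser's own HSTS upgrade does.
        internal = (headers.get("non-authoritative-reason", "").upper() == "HSTS"
                    or resp.get("statusText") == "Internal Redirect")
        if internal:
            findings.append({"host": urlsplit(req_url).hostname,
                             "from": req_url, "to": target,
                             "tls_error": errors.get(target, "")})
    return findings

if __name__ == "__main__":
    for f in find_hsts_upgrades(SAMPLE_HAR):
        print(f"{f['host']}: {f['from']} -> {f['to']} ({f['tls_error'] or 'no error recorded'})")
```

Each host reported is one whose cached HSTS entry needs clearing (step 2) or whose port needs a valid certificate (step 3).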