
CORS rules nginx-ingress rules

I need to allow requests from multiple origins: http://localhost:4200, http://localhost:4242, etc., on nginx-ingress version 1.7.1. But I'm not able to do that for multiple origins, because nginx.ingress.kubernetes.io/cors-allow-credentials: true will not work with nginx.ingress.kubernetes.io/cors-allow-origin: "*". It causes the browser to generate a CORS error. Maybe someone has a solution for avoiding this error?

This is my config:

        annotations:
          kubernetes.io/ingress.class: "nginx"
          nginx.ingress.kubernetes.io/enable-cors: "true"
          nginx.ingress.kubernetes.io/cors-allow-origin: "*"
          nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, DELETE"
          nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin"

Access to XMLHttpRequest at 'https://stage.site.com/api/session' from origin 'http://localhost:4200' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

dezzinto asked Aug 08 '18 10:08


2 Answers

Add the annotation to enable CORS:

nginx.ingress.kubernetes.io/enable-cors: "true"

Be aware that the string "*" cannot be used for a resource that supports credentials (https://www.w3.org/TR/cors/#resource-requests); try with your domain list (comma separated) instead of *.

Nicola Ben answered Sep 17 '22 22:09



You can create a second Ingress, with a different domain and cors origin, directing to the same destination. Not the best solution but it works.

Or:

        kubernetes.io/ingress.class: nginx
        # Echoes the request's Origin header back as the allowed origin
        nginx.ingress.kubernetes.io/configuration-snippet: |
           more_set_headers "Access-Control-Allow-Origin: $http_origin";
        nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
        nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, DELETE, PATCH"
        nginx.ingress.kubernetes.io/enable-cors: "true"

But attention: $http_origin is allowing every origin!

Pierreros answered Sep 17 '22 22:09

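
The three behaviours discussed in this thread (wildcard with credentials, reflecting `$http_origin`, and an exact-match origin list), modelled in Python as an added example that is not part of the original posts or of ingress-nginx itself. The policy functions and probe origins are constructed for illustration, the two localhost origins from the question are assumed to be the trusted list, and `browser_allows` follows the CORS check in the Fetch standard.

```python
ACAO = "Access-Control-Allow-Origin"
ACAC = "Access-Control-Allow-Credentials"
# Origins taken from the question; treated here as the trusted list (assumption).
ALLOWED = frozenset({"http://localhost:4200", "http://localhost:4242"})

def wildcard_policy(origin):
    """Question's config: cors-allow-origin "*" plus credentials."""
    return {ACAO: "*", ACAC: "true"}

def reflect_policy(origin):
    """Second answer's snippet: echo $http_origin back unchanged."""
    return {ACAO: origin, ACAC: "true"}

def allowlist_policy(origin):
    """Echo the origin only on an exact match; otherwise send no CORS headers."""
    if origin in ALLOWED:
        return {ACAO: origin, ACAC: "true", "Vary": "Origin"}
    return {}

def browser_allows(origin, headers, credentials=True):
    """CORS check a browser applies to a response (Fetch standard)."""
    acao = headers.get(ACAO)
    if acao is None:
        return False
    if not credentials:
        return acao in ("*", origin)
    # Credentialed requests: "*" is rejected and ACAC must be exactly "true".
    return acao == origin and headers.get(ACAC) == "true"

# Constructed probe origins: two trusted, two that must be refused.
PROBES = [
    "http://localhost:4200",
    "http://localhost:4242",
    "https://untrusted.example",
    "http://localhost:4200.untrusted.example",  # would pass a naive prefix match
]

def audit(policy, probes=PROBES):
    """Origins whose credentialed cross-origin reads the policy lets through."""
    return [o for o in probes if browser_allows(o, policy(o))]

if __name__ == "__main__":
    for policy in (wildcard_policy, reflect_policy, allowlist_policy):
        print(f"{policy.__name__:17} -> {audit(policy)}")
```

The same `browser_allows` check can be applied to the response headers captured from a real request through the ingress, one `Origin` value at a time.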