CORS (Cross Origin Resource Origin) is a mechanism, managed by the web browser and using additional HTTP headers, that allows a web application running on one origin to control access permission to a web application running on a different origin. Without CORS definition, browser shows error in below.
from origin https://domain1.com has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It is not have HTTP ok status
By default Ingress controller does not have CORS configuration but it is configurable via annotations.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: <IngressName>
namespace: <Namespace>
annotations:
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://domain1.com, https://domain2.com"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Server:SERVERNAME";
more_set_headers "cache-Control: no-cache, no-store";
more_set_headers "pragma: no-cache";
add_header "Access-Control-Allow-Methods" "GET, PUT, POST, OPTIONS, DELETE, PATCH" always;
add_header "Access-Control-Allow-Headers" "content-security-policy, localizationid, x-content-type-options, x-xss-protection, Access-Control-Allow-Origin";
spec:
ingressClassName: nginx
rules:
- host: domain3.com
http:
paths:
- backend:
service:
name: <Service>
port:
number: <Port>
path: /
pathType: Prefix
tls:
- hosts:
- <FQDN>
secretName: <TLS>
In this example, we allow domain1.com and domain2.com domains to access domain3.com resources.
Example in my repo: GitHub – msbayir