16

I need to allow requests from multiple origins: http://localhost:4200, http://localhost:4242, etc., on nginx-ingress version 1.7.1. But I'm not able to do that for multiple origins, because `nginx.ingress.kubernetes.io/cors-allow-credentials: true` will not work with `nginx.ingress.kubernetes.io/cors-allow-origin: "*"`. It causes the browser to generate a CORS error. Maybe someone has a solution for avoiding this error?

This is my config:

    annotations:
      kubernetes.io/ingress.class: "nginx"
      nginx.ingress.kubernetes.io/enable-cors: "true"
      nginx.ingress.kubernetes.io/cors-allow-origin: "*"
      nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, DELETE"
      nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin"

Access to XMLHttpRequest at 'https://stage.site.com/api/session' from origin 'http://localhost:4200' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

sideshowbarker
dezzinto

3 Answers

8

Add the annotation to enable CORS:

    nginx.ingress.kubernetes.io/enable-cors: "true"

Be aware that the string "*" cannot be used for a resource that supports credentials (https://www.w3.org/TR/cors/#resource-requests). Try with your domain list (comma-separated) instead of `*`.

Nicola Ben
  • 1
    Comma separated list doesn't work. `nginx.ingress.kubernetes.io/cors-allow-origin` only supports one domain, otherwise it resolves to '*'. https://github.com/kubernetes/ingress-nginx/issues/5496 – Marco Ottolini Feb 01 '21 at 16:05
4

You can create a second Ingress, with a different domain and CORS origin, directing to the same destination. Not the best solution, but it works.

Or:

        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/configuration-snippet: |
           more_set_headers "Access-Control-Allow-Origin: $http_origin";
        nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
        nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, DELETE, PATCH"
        nginx.ingress.kubernetes.io/enable-cors: "true"

But be careful: `$http_origin` allows every origin!

Pierreros
4

This is a fairly requested feature: https://github.com/kubernetes/ingress-nginx/issues/5496

As a current workaround you can use the following snippet to define more than one domain for CORS: https://github.com/kubernetes/ingress-nginx/issues/5496#issuecomment-662798662

A PR has already been submitted and is awaiting completion, so this should roll out natively in one of the coming releases: https://github.com/kubernetes/ingress-nginx/pull/7134

F1ko
  • 1
    For anyone stumbling on this answer: this is not the case anymore. That feature request has been approved and merged, and the docs explain how to do this: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#enable-cors – Daniel Arechiga Feb 07 '22 at 00:57
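
The three policies discussed in this thread (wildcard, `$http_origin` reflection, and a fixed origin allowlist), modelled as an added example that is not code from any of the posts or from ingress-nginx: it applies a simplified version of the browser's check for credentialed requests to the headers each policy would return. The allowlist contents, the probe origin `https://untrusted.example` and all function names are constructed for illustration.

```python
# Added example: models the browser's credentialed-CORS check against the
# three server policies discussed in this thread. All names are constructed.

# Assumption: the two development origins named in the question.
ALLOWED_ORIGINS = {"http://localhost:4200", "http://localhost:4242"}
# Constructed probe set: two wanted origins plus one that must be refused.
PROBES = ["http://localhost:4200", "http://localhost:4242", "https://untrusted.example"]


def cors_headers(policy, origin):
    """Response headers the server would send for a request with this Origin."""
    headers = {"Access-Control-Allow-Credentials": "true"}
    if policy == "wildcard":        # cors-allow-origin: "*"
        headers["Access-Control-Allow-Origin"] = "*"
    elif policy == "reflect":       # more_set_headers "...: $http_origin"
        headers["Access-Control-Allow-Origin"] = origin
    elif policy == "allowlist":     # exact match against a fixed set
        if origin in ALLOWED_ORIGINS:
            headers["Access-Control-Allow-Origin"] = origin
            headers["Vary"] = "Origin"  # keep caches from mixing origins
    else:
        raise ValueError(f"unknown policy: {policy}")
    return headers


def browser_allows(origin, with_credentials, headers):
    """Simplified model of the browser's check on the response headers."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if not with_credentials:
        return acao in ("*", origin)
    # Credentialed request: "*" is rejected, the origin must match exactly
    # and Access-Control-Allow-Credentials must be "true".
    return acao == origin and headers.get("Access-Control-Allow-Credentials") == "true"


def audit(policy):
    """Map each probe origin to whether a credentialed request would succeed."""
    return {o: browser_allows(o, True, cors_headers(policy, o)) for o in PROBES}


if __name__ == "__main__":
    for policy in ("wildcard", "reflect", "allowlist"):
        print(policy, audit(policy))
```

The wildcard row reproduces the error quoted in the question, the reflect row shows why that workaround accepts any site, and only the allowlist row separates the two localhost origins from the untrusted one.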