Kubernetes - CORS policy - Access-Control-Allow-Origin (Question)

[Dean Kamali]

Hello everyone, 

When I'm trying to submit a POST request to an endpoint on the same domain, I'm getting the following error 

Access to XMLHttpRequest at 'https://files.mydomain.io/files/' from origin 'https://app.mydomain.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I'm using kaproxy kubernetes ingress, and I have tried adding the following to my ingress rules but no luck. 

apiVersion: networking.k8s.io/v1beta1

kind: Ingress

metadata:

name: kubernetes-ingress

annotations:

ingress.kubernetes.io/config-backend: |

http-response set-header Access-Control-Allow-Origin "*"

Any ideas? 

[Joao Morais]

On Mon, Sep 7, 2020 at 1:48 AM Dean Kamali <dean....@gmail.com> wrote:
>
> Hello everyone,
>
> When I'm trying to submit a POST request to an endpoint on the same domain, I'm getting the following error
>
> Access to XMLHttpRequest at 'https://files.mydomain.io/files/' from origin 'https://app.mydomain.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

files.mydomain.io and app.mydomain.io are distinct domains, hence the
browser blocking due to cors policy.

> I'm using kaproxy kubernetes ingress, and I have tried adding the following to my ingress rules but no luck.
>
> apiVersion: networking.k8s.io/v1beta1
> kind: Ingress
> metadata:
> name: kubernetes-ingress
> annotations:
> ingress.kubernetes.io/config-backend: |
> http-response set-header Access-Control-Allow-Origin "*"
>
> Any ideas?

Enabling CORS needs a bit more than just add the access control
header. Try this config:

annotations:
ingress.kubernetes.io/cors-enabled: "true"

See also https://haproxy-ingress.github.io/docs/configuration/keys/#cors

~jm