Knative and CORS

[Ciaran Roche]

Hey guys,

I was just wondering, has anyone run into CORS problems when accessing pods from a browser.

What I am seeing, when sending a request to my cluster (running in GKE) from my web app, I am getting a 404, along with a CORS error, telling me Access-Control-Allow-Origin is stopping my request. It is not an outbound issue in my cluster as I can curl my pods all day long. 

Just to add, I am finding it tricky to debug, as no errors are being logged by GKE, and the request is not making it to my pods as none of them are being spun up. 

So I am wondering is there a way to disable or configure CORS on the Knative end to allow requests through from a browser. I have created a gist of one of my requests [1] just to show I have specified `Content-Type` as `text/plain` to avoid the preflight `OPTIONS` request. This didn't make any difference. Just to add it is a case w

Cheers

Ciaran

[1] - https://gist.github.com/ciaranRoche/d6b9d053916d84d58ab58d0622fb02f1

[Les Vogel]

I've run into this, and have been just adding this (GoLang) to my endpoints -- it's opening a bit too much at the moment:

        methodsOk := handlers.AllowedMethods([]string{"GET", "POST", "OPTIONS"})

        headersOk := handlers.AllowedHeaders([]string{

                "Accept",

                "Content-Type",

                "Content-Length",

                "Accept-Encoding",

                "X-CSRF-Token",

                "Authorization",

                "X-Content-Type-Options",

                "X-Requested-With"})

        originsOk := handlers.AllowedOrigins([]string{"*"})

        r.Use(handlers.CORS(originsOk, methodsOk, headersOk))

But in seeing your question, I google'd and found the following configuration info:

https://stackoverflow.com/questions/47942048/istio-ingress-enabling-cors

apiVersion: config.istio.io/v1alpha2
kind: RouteRule
metadata:
  name: cors
spec:
  destination:
    name: productpage
  corsPolicy:
    allowOrigin:
      - http://example.com
    allowMethods:
      - POST
      - GET
      - OPTIONS
    allowHeaders:
      - content-type
    exposeHeaders:
      - x-custom-header
    maxAge: 300s
    allowCredentials: true

See: https://github.com/knative/pkg/blob/master/apis/istio/v1alpha3/virtualservice_types.go#L690-L720

--
You received this message because you are subscribed to the Google Groups "Knative Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to knative-user...@googlegroups.com.
To post to this group, send email to knativ...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/ba7a8b15-bfab-49ac-8901-e7270810ea5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

•  Les Vogel   •  Cloud Developer Relations   •  le...@google.com   •  +1-408-676-7023

[Ellis Bigelow]

It would be really cool if Knative (or Istio, for that matter), had out of the box CORS header attachments, either using wildcards or YAML configs. I don't think it's that reasonable for serverless functions to be CORS aware.

To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/CAGB1p5hn2VRE-Hnho4zMA%3D75aZqkrELcMWyk0Y0i0KLWAcR7Uw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

</Ellis>

[Les Vogel]

You might wish to write a issue in github.com/knative/serving about this.  I don't see an open CORS request.

Looking at the code, it may take a bit to upgrade it to the latest version of Istio.

[Ciaran Roche]

I think I will, I have been hacking at it today and cant get a response from my cluster from a browser. Cheers for looking at it for me, Appreciate it.

[Nghia Tran]

Ciaran,

We currently don't set any CORS policy in Knative.  How do you access your Knative Service from a browser?  Do you use the IP address directly or use a domain?  We use Host header to direct traffic to a particular Knative Service, so if your browser doesn't send the Host header that will result in a 404.  

Please file an issue in github.com/knative/serving as Les suggested.  You may also want to checkout #networking channel on https://knative.slack.com .

Thanks

[Ciaran Roche]

Hey guys, posting this here for anyone else who runs into this problem, the solution is in this GitHub issue [1]

[1] - https://github.com/knative/serving/issues/3499