2018-08-30 02:58:40 +00:00
|
|
|
/*
|
|
|
|
|
Copyright 2018 The Kubernetes Authors.
|
|
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package annotations
|
|
|
|
|
|
|
|
|
|
import (
|
2018-10-29 21:39:04 +00:00
|
|
|
"net/http"
|
|
|
|
|
|
2018-08-30 02:58:40 +00:00
|
|
|
. "github.com/onsi/ginkgo"
|
|
|
|
|
. "github.com/onsi/gomega"
|
|
|
|
|
"github.com/parnurzeal/gorequest"
|
|
|
|
|
|
|
|
|
|
"k8s.io/ingress-nginx/test/e2e/framework"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var _ = framework.IngressNginxDescribe("Annotations - CORS", func() {
|
|
|
|
|
f := framework.NewDefaultFramework("cors")
|
|
|
|
|
|
|
|
|
|
BeforeEach(func() {
|
2018-10-29 21:39:04 +00:00
|
|
|
f.NewEchoDeploymentWithReplicas(2)
|
2018-08-30 02:58:40 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
AfterEach(func() {
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
It("should enable cors", func() {
|
|
|
|
|
host := "cors.foo.com"
|
2018-10-09 02:32:25 +00:00
|
|
|
annotations := map[string]string{
|
|
|
|
|
"nginx.ingress.kubernetes.io/enable-cors": "true",
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 14:03:42 +00:00
|
|
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
|
2018-10-29 21:39:04 +00:00
|
|
|
f.EnsureIngress(ing)
|
2018-08-30 02:58:40 +00:00
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';"))
|
|
|
|
|
})
|
|
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Origin: *';"))
|
|
|
|
|
})
|
|
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';"))
|
|
|
|
|
})
|
|
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Max-Age: 1728000';"))
|
|
|
|
|
})
|
|
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Credentials: true';"))
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
uri := "/"
|
|
|
|
|
resp, _, errs := gorequest.New().
|
2019-02-22 14:03:42 +00:00
|
|
|
Options(f.GetURL(framework.HTTP)+uri).
|
2018-08-30 02:58:40 +00:00
|
|
|
Set("Host", host).
|
|
|
|
|
End()
|
2018-11-18 13:53:05 +00:00
|
|
|
Expect(errs).Should(BeEmpty())
|
2018-08-30 02:58:40 +00:00
|
|
|
Expect(resp.StatusCode).Should(Equal(http.StatusNoContent))
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
It("should set cors methods to only allow POST, GET", func() {
|
|
|
|
|
host := "cors.foo.com"
|
2018-10-09 02:32:25 +00:00
|
|
|
annotations := map[string]string{
|
|
|
|
|
"nginx.ingress.kubernetes.io/enable-cors": "true",
|
|
|
|
|
"nginx.ingress.kubernetes.io/cors-allow-methods": "POST, GET",
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 14:03:42 +00:00
|
|
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
|
2018-10-29 21:39:04 +00:00
|
|
|
f.EnsureIngress(ing)
|
2018-08-30 02:58:40 +00:00
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Methods: POST, GET';"))
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
It("should set cors max-age", func() {
|
|
|
|
|
host := "cors.foo.com"
|
2018-10-09 02:32:25 +00:00
|
|
|
annotations := map[string]string{
|
|
|
|
|
"nginx.ingress.kubernetes.io/enable-cors": "true",
|
|
|
|
|
"nginx.ingress.kubernetes.io/cors-max-age": "200",
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 14:03:42 +00:00
|
|
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
|
2018-10-29 21:39:04 +00:00
|
|
|
f.EnsureIngress(ing)
|
2018-08-30 02:58:40 +00:00
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Max-Age: 200';"))
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
It("should disable cors allow credentials", func() {
|
|
|
|
|
host := "cors.foo.com"
|
2018-10-09 02:32:25 +00:00
|
|
|
annotations := map[string]string{
|
|
|
|
|
"nginx.ingress.kubernetes.io/enable-cors": "true",
|
|
|
|
|
"nginx.ingress.kubernetes.io/cors-allow-credentials": "false",
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 14:03:42 +00:00
|
|
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
|
2018-10-29 21:39:04 +00:00
|
|
|
f.EnsureIngress(ing)
|
2018-08-30 02:58:40 +00:00
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).ShouldNot(ContainSubstring("more_set_headers 'Access-Control-Allow-Credentials: true';"))
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
It("should allow origin for cors", func() {
|
|
|
|
|
host := "cors.foo.com"
|
2018-10-09 02:32:25 +00:00
|
|
|
annotations := map[string]string{
|
|
|
|
|
"nginx.ingress.kubernetes.io/enable-cors": "true",
|
|
|
|
|
"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin.cors.com:8080",
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 14:03:42 +00:00
|
|
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
|
2018-10-29 21:39:04 +00:00
|
|
|
f.EnsureIngress(ing)
|
2018-08-30 02:58:40 +00:00
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Origin: https://origin.cors.com:8080';"))
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
It("should allow headers for cors", func() {
|
|
|
|
|
host := "cors.foo.com"
|
2018-10-09 02:32:25 +00:00
|
|
|
annotations := map[string]string{
|
|
|
|
|
"nginx.ingress.kubernetes.io/enable-cors": "true",
|
|
|
|
|
"nginx.ingress.kubernetes.io/cors-allow-headers": "DNT, User-Agent",
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 14:03:42 +00:00
|
|
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, "http-svc", 80, &annotations)
|
2018-10-29 21:39:04 +00:00
|
|
|
f.EnsureIngress(ing)
|
2018-08-30 02:58:40 +00:00
|
|
|
|
2018-10-29 21:39:04 +00:00
|
|
|
f.WaitForNginxServer(host,
|
2018-08-30 02:58:40 +00:00
|
|
|
func(server string) bool {
|
|
|
|
|
return Expect(server).Should(ContainSubstring("more_set_headers 'Access-Control-Allow-Headers: DNT, User-Agent';"))
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
