DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: missing CORS headers when auth fails (#9251)

Browse source
This commit is contained in:
Johannes Würbach 2022-12-05 02:49:01 +01:00 committed by GitHub
parent 785458cceb
commit 3aa53aaf5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -1268,6 +1268,10 @@ stream {
deny all; deny all;
{{ end }} {{ end }}
{{ if $location.CorsConfig.CorsEnabled }}
{{ template "CORS" $location }}
{{ end }}
{{ if not (isLocationInLocationList $location $all.Cfg.NoAuthLocations) }} {{ if not (isLocationInLocationList $location $all.Cfg.NoAuthLocations) }}
{{ if $authPath }} {{ if $authPath }}
# this location requires authentication # this location requires authentication
@ -1329,10 +1333,6 @@ stream {
{{ range $limit := $limits }} {{ range $limit := $limits }}
{{ $limit }}{{ end }} {{ $limit }}{{ end }}
{{ if $location.CorsConfig.CorsEnabled }}
{{ template "CORS" $location }}
{{ end }}
{{ buildInfluxDB $location.InfluxDB }} {{ buildInfluxDB $location.InfluxDB }}
{{ if isValidByteSize $location.Proxy.BodySize true }} {{ if isValidByteSize $location.Proxy.BodySize true }}

28
test/e2e/annotations/auth.go
View file

@ -141,6 +141,34 @@ var _ = framework.DescribeAnnotation("auth-*", func() {
Body().Contains("401 Authorization Required") Body().Contains("401 Authorization Required")
}) })
ginkgo.It("should return status code 401 and cors headers when authentication and cors is configured but Authorization header is not configured", func() {
host := "auth"
s := f.EnsureSecret(buildSecret("foo", "bar", "test", f.Namespace))
annotations := map[string]string{
"nginx.ingress.kubernetes.io/auth-type": "basic",
"nginx.ingress.kubernetes.io/auth-secret": s.Name,
"nginx.ingress.kubernetes.io/auth-realm": "test auth",
"nginx.ingress.kubernetes.io/enable-cors": "true",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "server_name auth")
})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusUnauthorized).
Header("Access-Control-Allow-Origin").Equal("*")
})
ginkgo.It("should return status code 200 when authentication is configured and Authorization header is sent", func() { ginkgo.It("should return status code 200 when authentication is configured and Authorization header is sent", func() {
host := "auth" host := "auth"