DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cors improvements

Browse source
This commit is contained in:
Ricardo Pchevuzinske Katz 2017-10-20 17:08:03 -02:00
parent 79edb1f9d1
commit 6e3b9b09c1
No known key found for this signature in database
GPG key ID: 4B9D13C9A87CD165
3 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/ingress/types.go
View file

@ -29,6 +29,7 @@ import (
"k8s.io/ingress-nginx/pkg/ingress/annotations/auth"
"k8s.io/ingress-nginx/pkg/ingress/annotations/authreq"
"k8s.io/ingress-nginx/pkg/ingress/annotations/authtls"
"k8s.io/ingress-nginx/pkg/ingress/annotations/cors"
"k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist"
"k8s.io/ingress-nginx/pkg/ingress/annotations/proxy"
"k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit"
@ -293,9 +294,9 @@ type Location struct {
// Denied returns an error when this location cannot not be allowed
// Requesting a denied location should return HTTP code 403.
Denied error `json:"denied,omitempty"`
// EnableCORS indicates if path must support CORS
// CorsConfig returns the Cors Configration for the ingress rule
// +optional
EnableCORS bool `json:"enableCors,omitempty"`
CorsConfig cors.CorsConfig `json:"corsConfig,omitempty"`
// ExternalAuth indicates the access to this location requires
// authentication using an external provider
// +optional

2
pkg/ingress/types_equals.go
View file

@ -355,7 +355,7 @@ func (l1 *Location) Equal(l2 *Location) bool {
if l1.Denied != l2.Denied {
return false
}
if l1.EnableCORS != l2.EnableCORS {
if l1.CorsConfig != l2.CorsConfig {
return false
}
if !(&l1.ExternalAuth).Equal(&l2.ExternalAuth) {

17
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -505,17 +505,18 @@ stream {
{{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}}
{{ define "CORS" }}
{{ $server := .Second }}
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '{{ $location.CorsConfig.CorsAllowOrigin }}';
add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }}';
#
# Om nom nom cookies
#
add_header 'Access-Control-Allow-Credentials' '{{ $location.CorsConfig.CorsAllowCredentials }}';
add_header 'Access-Control-Allow-Methods' '{{ $location.CorsConfig.CorsAllowMethods }}';
add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}';
add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' '{{ $location.CorsConfig.CorsAllowHeaders }}';
add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}';
#
# Tell client that this pre-flight info is valid for 20 days
#
@ -542,10 +543,10 @@ stream {
}
if ($cors_method = 1) {
add_header 'Access-Control-Allow-Origin' '{{ $location.CorsConfig.CorsAllowOrigin }} ' always;
add_header 'Access-Control-Allow-Credentials' '{{ $location.CorsConfig.CorsAllowCredentials }}';
add_header 'Access-Control-Allow-Methods' '{{ $location.CorsConfig.CorsAllowMethods }}';
add_header 'Access-Control-Allow-Headers' '{{ $location.CorsConfig.CorsAllowHeaders }}';
add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }} ' always;
add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}';
add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}';
add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}';
}
{{ end }}