From 6e3b9b09c1b8d94b7764d320ecefa332e69c0e6f Mon Sep 17 00:00:00 2001 From: Ricardo Pchevuzinske Katz Date: Fri, 20 Oct 2017 17:08:03 -0200 Subject: [PATCH] Cors improvements --- pkg/ingress/types.go | 5 +++-- pkg/ingress/types_equals.go | 2 +- rootfs/etc/nginx/template/nginx.tmpl | 17 +++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/pkg/ingress/types.go b/pkg/ingress/types.go index fac9764a1..840dc9b3d 100644 --- a/pkg/ingress/types.go +++ b/pkg/ingress/types.go @@ -29,6 +29,7 @@ import ( "k8s.io/ingress-nginx/pkg/ingress/annotations/auth" "k8s.io/ingress-nginx/pkg/ingress/annotations/authreq" "k8s.io/ingress-nginx/pkg/ingress/annotations/authtls" + "k8s.io/ingress-nginx/pkg/ingress/annotations/cors" "k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/pkg/ingress/annotations/proxy" "k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit" @@ -293,9 +294,9 @@ type Location struct { // Denied returns an error when this location cannot not be allowed // Requesting a denied location should return HTTP code 403. Denied error `json:"denied,omitempty"` - // EnableCORS indicates if path must support CORS + // CorsConfig returns the Cors Configration for the ingress rule // +optional - EnableCORS bool `json:"enableCors,omitempty"` + CorsConfig cors.CorsConfig `json:"corsConfig,omitempty"` // ExternalAuth indicates the access to this location requires // authentication using an external provider // +optional diff --git a/pkg/ingress/types_equals.go b/pkg/ingress/types_equals.go index 3791080da..7bae22e8e 100644 --- a/pkg/ingress/types_equals.go +++ b/pkg/ingress/types_equals.go @@ -355,7 +355,7 @@ func (l1 *Location) Equal(l2 *Location) bool { if l1.Denied != l2.Denied { return false } - if l1.EnableCORS != l2.EnableCORS { + if l1.CorsConfig != l2.CorsConfig { return false } if !(&l1.ExternalAuth).Equal(&l2.ExternalAuth) { diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index e939361ab..f2e59785c 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -505,17 +505,18 @@ stream { {{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}} {{ define "CORS" }} + {{ $server := .Second }} if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '{{ $location.CorsConfig.CorsAllowOrigin }}'; + add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }}'; # # Om nom nom cookies # - add_header 'Access-Control-Allow-Credentials' '{{ $location.CorsConfig.CorsAllowCredentials }}'; - add_header 'Access-Control-Allow-Methods' '{{ $location.CorsConfig.CorsAllowMethods }}'; + add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}'; + add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}'; # # Custom headers and headers various browsers *should* be OK with but aren't # - add_header 'Access-Control-Allow-Headers' '{{ $location.CorsConfig.CorsAllowHeaders }}'; + add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}'; # # Tell client that this pre-flight info is valid for 20 days # @@ -542,10 +543,10 @@ stream { } if ($cors_method = 1) { - add_header 'Access-Control-Allow-Origin' '{{ $location.CorsConfig.CorsAllowOrigin }} ' always; - add_header 'Access-Control-Allow-Credentials' '{{ $location.CorsConfig.CorsAllowCredentials }}'; - add_header 'Access-Control-Allow-Methods' '{{ $location.CorsConfig.CorsAllowMethods }}'; - add_header 'Access-Control-Allow-Headers' '{{ $location.CorsConfig.CorsAllowHeaders }}'; + add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }} ' always; + add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}'; + add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}'; + add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}'; } {{ end }}