Cors improvements

pkg/ingress/types.go

@@ -29,6 +29,7 @@ import (
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/auth"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/authreq"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/authtls"
+	"k8s.io/ingress-nginx/pkg/ingress/annotations/cors"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/proxy"
 	"k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit"
@@ -293,9 +294,9 @@ type Location struct {
 	// Denied returns an error when this location cannot not be allowed
 	// Requesting a denied location should return HTTP code 403.
 	Denied error `json:"denied,omitempty"`
-	// EnableCORS indicates if path must support CORS
+	// CorsConfig returns the Cors Configration for the ingress rule
 	// +optional
-	EnableCORS bool `json:"enableCors,omitempty"`
+	CorsConfig cors.CorsConfig `json:"corsConfig,omitempty"`
 	// ExternalAuth indicates the access to this location requires
 	// authentication using an external provider
 	// +optional

pkg/ingress/types_equals.go

@@ -355,7 +355,7 @@ func (l1 *Location) Equal(l2 *Location) bool {
 	if l1.Denied != l2.Denied {
 		return false
 	}
-	if l1.EnableCORS != l2.EnableCORS {
+	if l1.CorsConfig != l2.CorsConfig {
 		return false
 	}
 	if !(&l1.ExternalAuth).Equal(&l2.ExternalAuth) {

rootfs/etc/nginx/template/nginx.tmpl

@@ -505,17 +505,18 @@ stream {
 
 {{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}}
 {{ define "CORS" }}
+     {{ $server := .Second }}
      if ($request_method = 'OPTIONS') {
-        add_header 'Access-Control-Allow-Origin' '{{ $location.CorsConfig.CorsAllowOrigin }}';
+        add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }}';
         #
         # Om nom nom cookies
         #
-        add_header 'Access-Control-Allow-Credentials' '{{ $location.CorsConfig.CorsAllowCredentials }}';
+        add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}';
-        add_header 'Access-Control-Allow-Methods' '{{ $location.CorsConfig.CorsAllowMethods }}';
+        add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}';
         #
         # Custom headers and headers various browsers *should* be OK with but aren't
         #
-        add_header 'Access-Control-Allow-Headers' '{{ $location.CorsConfig.CorsAllowHeaders }}';
+        add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}';
         #
         # Tell client that this pre-flight info is valid for 20 days
         #
@@ -542,10 +543,10 @@ stream {
      }
 
      if ($cors_method = 1) {
-        add_header 'Access-Control-Allow-Origin' '{{ $location.CorsConfig.CorsAllowOrigin }} ' always;
+        add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }} ' always;
-        add_header 'Access-Control-Allow-Credentials' '{{ $location.CorsConfig.CorsAllowCredentials }}';
+        add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}';
-        add_header 'Access-Control-Allow-Methods' '{{ $location.CorsConfig.CorsAllowMethods }}';
+        add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}';
-        add_header 'Access-Control-Allow-Headers' '{{ $location.CorsConfig.CorsAllowHeaders }}';
+        add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}';
      }
 {{ end }}