DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cors improevements

Browse source
This commit is contained in:
Ricardo Pchevuzinske Katz 2017-10-22 18:28:48 -02:00
parent 6e3b9b09c1
commit f2dd452fea
No known key found for this signature in database
GPG key ID: 173CD5BA1DA70A25
5 changed files with 42 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Makefile
View file

@ -3,10 +3,10 @@ all: push
BUILDTAGS= BUILDTAGS=
# Use the 0.0 tag for testing, it shouldn't clobber any release builds # Use the 0.0 tag for testing, it shouldn't clobber any release builds
TAG?=0.9.0-beta.15 TAG?=katz-cors6
REGISTRY?=gcr.io/google_containers REGISTRY?=rpkatz
GOOS?=linux GOOS?=linux
DOCKER?=gcloud docker -- DOCKER?=docker
SED_I?=sed -i SED_I?=sed -i
GOHOSTOS ?= $(shell go env GOHOSTOS) GOHOSTOS ?= $(shell go env GOHOSTOS)

24
pkg/ingress/annotations/cors/main.go
View file

@ -65,6 +65,30 @@ func NewParser() parser.IngressAnnotation {
return cors{} return cors{}
} }
// Equal tests for equality between two External types
func (c1 *CorsConfig) Equal(c2 *CorsConfig) bool {
if c1 == c2 {
return true
}
if c1 == nil || c2 == nil {
return false
}
if c1.CorsAllowCredentials != c2.CorsAllowCredentials {
return false
}
if c1.CorsAllowHeaders != c2.CorsAllowHeaders {
return false
}
if c1.CorsAllowOrigin != c2.CorsAllowOrigin {
return false
}
if c1.CorsEnabled != c2.CorsEnabled {
return false
}
return true
}
// Parse parses the annotations contained in the ingress // Parse parses the annotations contained in the ingress
// rule used to indicate if the location/s should allows CORS // rule used to indicate if the location/s should allows CORS
func (a cors) Parse(ing *extensions.Ingress) (interface{}, error) { func (a cors) Parse(ing *extensions.Ingress) (interface{}, error) {

3
pkg/ingress/controller/util_test.go
View file

@ -23,6 +23,7 @@ import (
"k8s.io/ingress-nginx/pkg/ingress" "k8s.io/ingress-nginx/pkg/ingress"
"k8s.io/ingress-nginx/pkg/ingress/annotations/auth" "k8s.io/ingress-nginx/pkg/ingress/annotations/auth"
"k8s.io/ingress-nginx/pkg/ingress/annotations/authreq" "k8s.io/ingress-nginx/pkg/ingress/annotations/authreq"
"k8s.io/ingress-nginx/pkg/ingress/annotations/cors"
"k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist" "k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist"
"k8s.io/ingress-nginx/pkg/ingress/annotations/proxy" "k8s.io/ingress-nginx/pkg/ingress/annotations/proxy"
"k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit" "k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit"
@ -45,7 +46,7 @@ func TestMergeLocationAnnotations(t *testing.T) {
"Backend": "foo_backend", "Backend": "foo_backend",
"BasicDigestAuth": auth.BasicDigest{}, "BasicDigestAuth": auth.BasicDigest{},
DeniedKeyName: &fakeError{}, DeniedKeyName: &fakeError{},
"EnableCORS": true, "EnableCORS": cors.CorsConfig{},
"ExternalAuth": authreq.External{}, "ExternalAuth": authreq.External{},
"RateLimit": ratelimit.RateLimit{}, "RateLimit": ratelimit.RateLimit{},
"Redirect": redirect.Redirect{}, "Redirect": redirect.Redirect{},

2
pkg/ingress/types_equals.go
View file

@ -355,7 +355,7 @@ func (l1 *Location) Equal(l2 *Location) bool {
if l1.Denied != l2.Denied { if l1.Denied != l2.Denied {
return false return false
} }
if l1.CorsConfig != l2.CorsConfig { if !(&l1.CorsConfig).Equal(&l2.CorsConfig) {
return false return false
} }
if !(&l1.ExternalAuth).Equal(&l2.ExternalAuth) { if !(&l1.ExternalAuth).Equal(&l2.ExternalAuth) {

22
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -505,18 +505,19 @@ stream {
{{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}} {{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}}
{{ define "CORS" }} {{ define "CORS" }}
{{ $server := .Second }} {{ $cors := .CorsConfig }}
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }}'; add_header 'Cors-Enabled' '{{ $cors.CorsEnabled }}';
add_header 'Access-Control-Allow-Origin' '{{ $cors.CorsAllowOrigin }}';
# #
# Om nom nom cookies # Om nom nom cookies
# #
add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}'; add_header 'Access-Control-Allow-Credentials' '{{ $cors.CorsAllowCredentials }}';
add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}'; add_header 'Access-Control-Allow-Methods' '{{ $cors.CorsAllowMethods }}';
# #
# Custom headers and headers various browsers *should* be OK with but aren't # Custom headers and headers various browsers *should* be OK with but aren't
# #
add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}'; add_header 'Access-Control-Allow-Headers' '{{ $cors.CorsAllowHeaders }}';
# #
# Tell client that this pre-flight info is valid for 20 days # Tell client that this pre-flight info is valid for 20 days
# #
@ -543,10 +544,10 @@ stream {
} }
if ($cors_method = 1) { if ($cors_method = 1) {
add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }} ' always; add_header 'Access-Control-Allow-Origin' '{{ $cors.CorsAllowOrigin }}';
add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}'; add_header 'Access-Control-Allow-Credentials' '{{ $cors.CorsAllowCredentials }}';
add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}'; add_header 'Access-Control-Allow-Methods' '{{ $cors.CorsAllowMethods }}';
add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}'; add_header 'Access-Control-Allow-Headers' '{{ $cors.CorsAllowHeaders }}';
} }
{{ end }} {{ end }}
@ -720,8 +721,9 @@ stream {
proxy_set_header Authorization ""; proxy_set_header Authorization "";
{{ end }} {{ end }}
# CORS is {{ $location.CorsConfig.CorsEnabled }}
{{ if $location.CorsConfig.CorsEnabled }} {{ if $location.CorsConfig.CorsEnabled }}
{{ template "CORS" }} {{ template "CORS" $location }}
{{ end }} {{ end }}
{{ if not (empty $location.Redirect.URL) }} {{ if not (empty $location.Redirect.URL) }}