Cors improevements
This commit is contained in:
Ricardo Pchevuzinske Katz
parent
6e3b9b09c1
commit
f2dd452fea
5 changed files with 42 additions and 15 deletions
6
Makefile
6
Makefile
|
|
@ -3,10 +3,10 @@ all: push
|
|||
BUILDTAGS=
|
||||
|
||||
# Use the 0.0 tag for testing, it shouldn't clobber any release builds
|
||||
TAG?=0.9.0-beta.15
|
||||
REGISTRY?=gcr.io/google_containers
|
||||
TAG?=katz-cors6
|
||||
REGISTRY?=rpkatz
|
||||
GOOS?=linux
|
||||
DOCKER?=gcloud docker --
|
||||
DOCKER?=docker
|
||||
SED_I?=sed -i
|
||||
GOHOSTOS ?= $(shell go env GOHOSTOS)
|
||||
|
||||
|
|
|
|||
|
|
@ -65,6 +65,30 @@ func NewParser() parser.IngressAnnotation {
|
|||
return cors{}
|
||||
}
|
||||
|
||||
// Equal tests for equality between two External types
|
||||
func (c1 *CorsConfig) Equal(c2 *CorsConfig) bool {
|
||||
if c1 == c2 {
|
||||
return true
|
||||
}
|
||||
if c1 == nil || c2 == nil {
|
||||
return false
|
||||
}
|
||||
if c1.CorsAllowCredentials != c2.CorsAllowCredentials {
|
||||
return false
|
||||
}
|
||||
if c1.CorsAllowHeaders != c2.CorsAllowHeaders {
|
||||
return false
|
||||
}
|
||||
if c1.CorsAllowOrigin != c2.CorsAllowOrigin {
|
||||
return false
|
||||
}
|
||||
if c1.CorsEnabled != c2.CorsEnabled {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// Parse parses the annotations contained in the ingress
|
||||
// rule used to indicate if the location/s should allows CORS
|
||||
func (a cors) Parse(ing *extensions.Ingress) (interface{}, error) {
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import (
|
|||
"k8s.io/ingress-nginx/pkg/ingress"
|
||||
"k8s.io/ingress-nginx/pkg/ingress/annotations/auth"
|
||||
"k8s.io/ingress-nginx/pkg/ingress/annotations/authreq"
|
||||
"k8s.io/ingress-nginx/pkg/ingress/annotations/cors"
|
||||
"k8s.io/ingress-nginx/pkg/ingress/annotations/ipwhitelist"
|
||||
"k8s.io/ingress-nginx/pkg/ingress/annotations/proxy"
|
||||
"k8s.io/ingress-nginx/pkg/ingress/annotations/ratelimit"
|
||||
|
|
@ -45,7 +46,7 @@ func TestMergeLocationAnnotations(t *testing.T) {
|
|||
"Backend": "foo_backend",
|
||||
"BasicDigestAuth": auth.BasicDigest{},
|
||||
DeniedKeyName: &fakeError{},
|
||||
"EnableCORS": true,
|
||||
"EnableCORS": cors.CorsConfig{},
|
||||
"ExternalAuth": authreq.External{},
|
||||
"RateLimit": ratelimit.RateLimit{},
|
||||
"Redirect": redirect.Redirect{},
|
||||
|
|
|
|||
|
|
@ -355,7 +355,7 @@ func (l1 *Location) Equal(l2 *Location) bool {
|
|||
if l1.Denied != l2.Denied {
|
||||
return false
|
||||
}
|
||||
if l1.CorsConfig != l2.CorsConfig {
|
||||
if !(&l1.CorsConfig).Equal(&l2.CorsConfig) {
|
||||
return false
|
||||
}
|
||||
if !(&l1.ExternalAuth).Equal(&l2.ExternalAuth) {
|
||||
|
|
|
|||
|
|
@ -505,18 +505,19 @@ stream {
|
|||
|
||||
{{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}}
|
||||
{{ define "CORS" }}
|
||||
{{ $server := .Second }}
|
||||
{{ $cors := .CorsConfig }}
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }}';
|
||||
add_header 'Cors-Enabled' '{{ $cors.CorsEnabled }}';
|
||||
add_header 'Access-Control-Allow-Origin' '{{ $cors.CorsAllowOrigin }}';
|
||||
#
|
||||
# Om nom nom cookies
|
||||
#
|
||||
add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}';
|
||||
add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}';
|
||||
add_header 'Access-Control-Allow-Credentials' '{{ $cors.CorsAllowCredentials }}';
|
||||
add_header 'Access-Control-Allow-Methods' '{{ $cors.CorsAllowMethods }}';
|
||||
#
|
||||
# Custom headers and headers various browsers *should* be OK with but aren't
|
||||
#
|
||||
add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}';
|
||||
add_header 'Access-Control-Allow-Headers' '{{ $cors.CorsAllowHeaders }}';
|
||||
#
|
||||
# Tell client that this pre-flight info is valid for 20 days
|
||||
#
|
||||
|
|
@ -543,10 +544,10 @@ stream {
|
|||
}
|
||||
|
||||
if ($cors_method = 1) {
|
||||
add_header 'Access-Control-Allow-Origin' '{{ $server.CorsConfig.CorsAllowOrigin }} ' always;
|
||||
add_header 'Access-Control-Allow-Credentials' '{{ $server.CorsConfig.CorsAllowCredentials }}';
|
||||
add_header 'Access-Control-Allow-Methods' '{{ $server.CorsConfig.CorsAllowMethods }}';
|
||||
add_header 'Access-Control-Allow-Headers' '{{ $server.CorsConfig.CorsAllowHeaders }}';
|
||||
add_header 'Access-Control-Allow-Origin' '{{ $cors.CorsAllowOrigin }}';
|
||||
add_header 'Access-Control-Allow-Credentials' '{{ $cors.CorsAllowCredentials }}';
|
||||
add_header 'Access-Control-Allow-Methods' '{{ $cors.CorsAllowMethods }}';
|
||||
add_header 'Access-Control-Allow-Headers' '{{ $cors.CorsAllowHeaders }}';
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
|
|
@ -720,8 +721,9 @@ stream {
|
|||
proxy_set_header Authorization "";
|
||||
{{ end }}
|
||||
|
||||
# CORS is {{ $location.CorsConfig.CorsEnabled }}
|
||||
{{ if $location.CorsConfig.CorsEnabled }}
|
||||
{{ template "CORS" }}
|
||||
{{ template "CORS" $location }}
|
||||
{{ end }}
|
||||
|
||||
{{ if not (empty $location.Redirect.URL) }}
|
||||
|
|
|
|||
Loading…
Reference in a new issue