I have problem configuring CORS for the service exposed by ingress gateway.
My goal is to get CORS headers when sending OPTION request.
I’m migrating from Nginx-ingress and for nginx it was as easy as setting the annotation nginx.ingress.kubernetes.io/enable-cors: "true"
in the ingress.
My configuration:
Gateway:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: example
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- example.com
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: example-tls
hosts:
- example.com
Virtualservice:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: example
spec:
hosts:
- "example.com"
gateways:
- example
http:
- match:
- uri:
prefix: /api/graphql
route:
- destination:
host: example.default.svc.cluster.local
port:
number: 9999
corsPolicy:
allowMethods:
- POST
- OPTIONS
allowOrigin:
- https://example.com
allowHeaders:
- authorization
- content-type
- route:
- destination:
host: example-ui.default.svc.cluster.local
port:
number: 80
When I try to run the curl I get:
curl -X OPTIONS https://example.com/api/graphql -I
HTTP/2 404
content-type: text/plain; charset=UTF-8
date: Fri, 10 Jul 2020 14:31:52 GMT
content-length: 9
x-envoy-upstream-service-time: 4
server: istio-envoy
What I expect is something like this (this is output from Nginx-ingress)
curl -X OPTIONS https://example.com/api/graphql -I
HTTP/2 204
server: nginx/1.17.8
date: Fri, 10 Jul 2020 14:57:39 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
Can someone please point what I’m doing wrong?