Configuring CORS

zhaohuabing · September 28, 2020, 11:36am

I finally figured it out. Two things you need to pay attention:

You need to add the allowed origins in the allowOrigins field.
You need to specify the “Origin” header in the curl command to indicate that it’s a cors request.

Otherwise, the access-control-allow-* headers won’t show up.
For instance:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
 name: cors-rule
spec:
 hosts:
 - http-server.default.svc.cluster.local
 http:
 - route:
   - destination:
       host: http-server.default.svc.cluster.local
   corsPolicy:
     allowOrigins:
     - exact: http://www.example.com
     allowMethods:
     - POST
     - GET
     allowHeaders:
     - X-Custom-Header
     exposeHeaders:
     - X-Expose-Header
     maxAge: 24h
     allowCredentials: false

k exec http-server-6cc8fd5c68-cnp9h - curl -sv -H “Origin: http://www.example.com” http-server.default.svc.cluster.local/test

Topic		Replies	Views
Istio Kubernetes Ingress + CORS Setup Networking	0	989	February 11, 2022
How to configure k8s ingress with istio1.6 Config	7	2221	September 10, 2020
Cors preflight does not work when Jwt Policy targets the Istio Ingress Gateway Security	5	4029	August 9, 2019
Problem configuring ingress gateway with TLS and wildcard hosts Networking	3	5823	June 13, 2020
Istio with AWS ELB - switching to backend-protocol HTTP triggers CORS errors for browser and 504 for cURL	0	2298	September 17, 2020

Configuring CORS

Related topics