Hello.
I am using Istio External Authorization and Authorization Policy for API authentication.
BTW The error occurs when the client calls the API under certain conditions
- localhost:3000 (react) → my-api.org (API domain)
Of course, API Sever set response header internally. (Access-Control-Allow-Origin)
And I checked the log, the request was not delivered to the API server.
I think CORS error occurs before the request is forwarded to the provider service.
Could you tell me your opinion?
Below is a sample code similar to my conditions.
mesh config
extensionProviders:
- name: auth-http-dev
envoyExtAuthzHttp:
service: auth.dev.svc.cluster.local
authorization policy
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: my-api-ap
namespace: dev
spec:
selector:
matchLabels:
app: my-api
action: CUSTOM
provider:
name: auth-http-dev
rules:
- to:
- operation:
paths:
- "/rest/api/v1/*"