I am using Istio External Authorization and Authorization Policy for API authentication.
BTW The error occurs when the client calls the API under certain conditions
- localhost:3000 (react) → my-api.org (API domain)
Of course, API Sever set response header internally. (Access-Control-Allow-Origin)
And I checked the log, the request was not delivered to the API server.
I think CORS error occurs before the request is forwarded to the provider service.
Could you tell me your opinion?
Below is a sample code similar to my conditions.
extensionProviders: - name: auth-http-dev envoyExtAuthzHttp: service: auth.dev.svc.cluster.local
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: my-api-ap namespace: dev spec: selector: matchLabels: app: my-api action: CUSTOM provider: name: auth-http-dev rules: - to: - operation: paths: - "/rest/api/v1/*"