When I apply the CORS policy, not all of the CORS headers are serialized back. I only get back the following headers. I’m wondering if I’m doing anything wrong? I do have a JWT policy using the RequestAuthentication
definition also applied to the same gateway the virtual service below is applied to.
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
I’m expecting as expected in this CorsPolicy document
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Max-Age
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
namespace: ingestion
name: http-bobber-2-public
spec:
hosts:
- '*'
gateways:
- alb-system/default-istio-gateway
http:
- name: http-bobber-2-default-public-route
match:
- uri:
prefix: /ingestion/http-bobber-2/
rewrite:
uri: /
route:
- destination:
host: http-bobber-2.ingestion.svc.cluster.local
corsPolicy:
allowOrigins:
- exact: "*"
allowMethods:
- GET
- POST
- PATCH
- PUT
- DELETE
- OPTIONS
allowCredentials: false
allowHeaders:
- authorization
maxAge: "24h"