Setting access-control-allow-origin: "*"

danielftapiar · May 1, 2020, 4:07am

Im trying to set the cors policty to allow all, a very common setting but it seems impossible to set on Istio, anyone has a solution to this?.

Ive tried setting

 headers:
      response:
        set:
          Access-Control-Allow-Origin: "*"

as well as


 corsPolicy:
      allowOrigin:
      - "*"

Any help would be greatly appriciated

inaiat · July 1, 2020, 9:30pm

Hi daniel,

I had same problem. I can get answer for “*” do this with this code (istio 1.6.4):
PS: I don’t recommend this code for production environment.

`corsPolicy:
    allowOrigins:
      - exact: "*"
    allowMethods:
      - POST
      - GET
      - PUT
      - DELETE
      - OPTIONS
    allowCredentials: true
    allowHeaders:
      - Content-Type
      - Authorization
    maxAge: "24h"`

Topic		Replies	Views
CorsPolicy not working Policies and Telemetry	3	2237	May 12, 2020
Istio 1.7 CORS Policy not fully working Security security	1	3799	October 2, 2020
CORS Issue with Istio External Authorization and Authorization Policy for API Authentication Security security	0	749	March 24, 2023
Is it possible to send back "access-control-allow-origin: *" using corsPolicy Networking security	0	507	June 22, 2023
Grpcweb cors not working	1	1932	June 14, 2020

Setting access-control-allow-origin: "*"

Related topics