Setting access-control-allow-origin: "*"

danielftapiar · May 1, 2020, 4:07am

Im trying to set the cors policty to allow all, a very common setting but it seems impossible to set on Istio, anyone has a solution to this?.

Ive tried setting

 headers:
      response:
        set:
          Access-Control-Allow-Origin: "*"

as well as


 corsPolicy:
      allowOrigin:
      - "*"

Any help would be greatly appriciated

inaiat · July 1, 2020, 9:30pm

Hi daniel,

I had same problem. I can get answer for “*” do this with this code (istio 1.6.4):
PS: I don’t recommend this code for production environment.

`corsPolicy:
    allowOrigins:
      - exact: "*"
    allowMethods:
      - POST
      - GET
      - PUT
      - DELETE
      - OPTIONS
    allowCredentials: true
    allowHeaders:
      - Content-Type
      - Authorization
    maxAge: "24h"`

Topic		Replies	Views
Istio 1.7 CORS Policy not fully working Security security	1	3574	October 2, 2020
CORS Issue with Istio External Authorization and Authorization Policy for API Authentication Security security	0	579	March 24, 2023
Grpcweb cors not working	1	1821	June 14, 2020
Authentication policy returning 401 on cors OPTIONS call Security	3	694	May 7, 2020
Authorization Policy issue with 503 Networking	12	3644	June 15, 2020

Setting access-control-allow-origin: "*"

Related Topics