CORS cross source resource sharing concept and configuration (Kubernetes Ingress and Spring Cloud Gateway)

Posted by badassrocker on Sun, 23 Jan 2022 00:30:29 +0100

1 cross source resources vb.net tutorial Shared CORS

Cross source resource sharing( CORS )Cross domain resource sharing HTTP Header mechanism, which allows the server to identify other than itself origin (domain, protocol and port) so that browsers can access and load these resources.

The first thing to be clear is that the browser access information c# tutorial CORS exists only in the source. It will not appear through other HTTP Client codes. CORS is simply when in the browser python basic tutorial The source Origin of the address bar is different from the source of the address of the accessed resource, that is, cross source. For example, in the development of front end and back end separation, the address of the UI is http://localhost:3000 , and the address of the service is http://localhost:8080 , to get the data of the service through JavaScript, you need to cross source.

1.1 pre inspection preflight

For those HTTP request methods that may have side effects on server data (especially GET Other than HTTP requests, or with some MIME types POST Request), the browser must first use OPTIONS Method initiates a preflight request to obtain the service java basic course Whether the service side allows the cross source request. After the server confirms that it is allowed, it initiates the actual HTTP request.

Therefore, CORS needs server-side sql tutorial Open a feature instead of the client.

For simple requests, no pre check is required:

Pre inspection is generally carried out through OPTION method:

Note:

The header of the request carries "cookies" (credentials:include). If the value of "access control allow origin" is "*", the request will fail.

2 kubernetes ingress open CORS

CORS can be opened at the ingress level instead of at the application level. The configuration is as follows:

annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, DELETE"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin"

Considering that in some scenarios, allow origin cannot be set to *, it can be configured as follows:

nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
	more_set_headers "Access-Control-Allow-Origin: $http_origin";

3. Open CORS through spring cloud gateway

You can configure properties or configure WebFilter in Java.

spring:
  cloud:
    gateway:
      globalcors:
        cors-configurations:
          '[/**]':
            allowedOrigins: "https://www.pkslow.com"
            allowedMethods:
            - GET

The way of Java is roughly as follows:

@Bean
CorsWebFilter corsWebFilter() {
    CorsConfiguration corsConfig = new CorsConfiguration();
    corsConfig.setAllowedOrigins(Arrays.asList("https://www.pkslow.com"));
    corsConfig.setMaxAge(8000L);
    corsConfig.addAllowedMethod("PUT");

    UrlBasedCorsConfigurationSource source =
      new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", corsConfig);

    return new CorsWebFilter(source);
}

Welcome to WeChat official account, "pumpkin slow talk", which will continue to update for you.

Hot Topics

©2025 Programmer Think