CORS规则Nginx入口规则 [英] CORS rules nginx-ingress rules

问题描述

在nginx-ingress版本1.7.1上，我需要允许来自多个来源的请求:http://localhost:4200，http://localhost:4242等.但是我无法针对多个来源执行此操作，因为nginx.ingress.kubernetes.io/cors-allow-credentials: true无法与nginx.ingress.kubernetes.io/cors-allow-origin: "*"一起使用.这会导致浏览器生成CORS错误.也许有人有避免这种错误的解决方案?

I need to allow requests from multiple origins: http://localhost:4200, http://localhost:4242, etc., on nginx-ingress version 1.7.1. But I'm not able to do that for multiple origins, because nginx.ingress.kubernetes.io/cors-allow-credentials: true will not work with nginx.ingress.kubernetes.io/cors-allow-origin: "*". It causes the browser to generate CORS error. Maybe someone has a solution for avoiding this error?

这是我的配置

 annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, DELETE"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Access-Control-Allow-Origin"

通过' https://stage.site.com/api/session 访问XMLHttpRequest ' 从 来源' http://localhost:4200 '已被CORS政策阻止: 响应中"Access-Control-Allow-Origin"标头的值必须 当请求的凭据模式为时，不是通配符"*" '包括'.发起的请求的凭据模式 XMLHttpRequest由withCredentials属性控制.

Access to XMLHttpRequest at 'https://stage.site.com/api/session' from origin 'http://localhost:4200' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

推荐答案

添加注释以启用CORS:

nginx.ingress.kubernetes.io/enable-cors: "true"

请注意，字符串"*"不能用于支持凭据的资源( https://www.w3.org/TR/cors/#resource-requests )，请尝试使用您的域列表(用逗号分隔)而不是*

Be aware that the string "*" cannot be used for a resource that supports credentials (https://www.w3.org/TR/cors/#resource-requests), try with your domain list (comma separated) instead of *

这篇关于CORS规则Nginx入口规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！