Ingress 兼容https & http 跨域配置access-control-allow-origin
Ingress
兼容前端https & http
跨域配置access-control-allow-origin
场景说明:
前端域名a.com访问后端b.com域名,其中b.com使用Ingress配置,需要支持http://a.com和https://a.com两种前端域名跨域方式访问b.com。
一、使用Ingress原生跨域Annotations配置只可满足其中一种情况
注意,官方最新的文档cors-allow-origin支持配置多个域名,但在我们使用的比较旧的版本0.32中配置两个直接被设置为*,导致失败
annotations: nginx.ingress.kubernetes.io/enable-cors: true nginx.ingress.kubernetes.io/cors-allow-origin: https://a.com # 或者 nginx.ingress.kubernetes.io/cors-allow-origin: http://a.com nginx.ingress.kubernetes.io/cors-allow-methods: * nginx.ingress.kubernetes.io/cors-allow-headers: * nginx.ingress.kubernetes.io/cors-allow-credentials: true
二、以上配置生成的nginx.conf片段
# Cors Preflight methods needs additional options and different Return Code if ($request_method = OPTIONS) { more_set_headers Access-Control-Allow-Origin: *; more_set_headers Access-Control-Allow-Credentials: true; more_set_headers Access-Control-Allow-Methods: *; more_set_headers Access-Control-Allow-Headers: *; more_set_headers Access-Control-Max-Age: 1728000; more_set_headers Content-Type: text/plain charset=UTF-8; more_set_headers Content-Length: 0; return 204; } more_set_headers Access-Control-Allow-Origin: *; more_set_headers Access-Control-Allow-Credentials: true; more_set_headers Access-Control-Allow-Methods: *; more_set_headers Access-Control-Allow-Headers: *;
三、根据自动生成的nginx.conf改为使用configuration-snippet配置
annotations: nginx.ingress.kubernetes.io/configuration-snippet: | if ($request_method = OPTIONS) { more_set_headers "Access-Control-Allow-Origin: $http_origin"; more_set_headers Access-Control-Allow-Credentials: true; more_set_headers Access-Control-Allow-Methods: *; more_set_headers Access-Control-Allow-Headers: *; more_set_headers Access-Control-Max-Age: 1728000; more_set_headers Content-Type: text/plain charset=UTF-8; more_set_headers Content-Length: 0; return 204; } more_set_headers "Access-Control-Allow-Origin: $http_origin"; more_set_headers Access-Control-Allow-Credentials: true; more_set_headers Access-Control-Allow-Methods: *; more_set_headers Access-Control-Allow-Headers: *; nginx.ingress.kubernetes.io/ssl-redirect: false