
cors-allow-headers does not allow wildcard

Open lebenitza opened this issue 2 years ago • 16 comments

What happened:

Tried to set wildcard value for nginx.ingress.kubernetes.io/cors-allow-headers.

What you expected to happen:

The value is allowed as per: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers similar to: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

Anything else we need to know:

Don't know why the allow-headers is treated differently:

		corsAllowHeadersAnnotation: {
			Validator: parser.ValidateRegex(parser.HeadersVariable, true),
			Scope:     parser.AnnotationScopeIngress,
			Risk:      parser.AnnotationRiskMedium,
			Documentation: `This annotation controls which headers are accepted.
			This is a multi-valued field, separated by ',' and accepts letters, numbers, _ and -`,
		},

from

		corsExposeHeadersAnnotation: {
			Validator: parser.ValidateRegex(corsExposeHeadersRegex, true),
			Scope:     parser.AnnotationScopeIngress,
			Risk:      parser.AnnotationRiskMedium,
			Documentation: `This annotation controls which headers are exposed to response.
			This is a multi-valued field, separated by ',' and accepts letters, numbers, _, - and *.`,
		},

See: /internal/ingress/annotations/cors/main.go

lebenitza avatar Oct 11 '23 10:10 lebenitza
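The difference described in the opening post, as an added example that is not ingress-nginx code: the two per-item patterns are assumptions written from the two Documentation strings quoted above, not the contents of `parser.HeadersVariable` or `corsExposeHeadersRegex`, and the helper names are hypothetical. `wildcardNotes` goes one step beyond the issue and reports the two caveats the Fetch specification attaches to `*` in Access-Control-Allow-Headers.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed per-item patterns written from the two Documentation strings in the
// issue; not copied from parser.HeadersVariable or corsExposeHeadersRegex.
var (
	allowHeadersLike  = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)  // letters, numbers, _ and -
	exposeHeadersLike = regexp.MustCompile(`^[A-Za-z0-9_*-]+$`) // the same set plus *
)

// items splits a ','-separated annotation value, dropping spaces and empty entries.
func items(value string) []string {
	return strings.FieldsFunc(value, func(r rune) bool { return r == ',' || r == ' ' })
}

// rejected returns the entries of value that itemRe does not accept.
func rejected(value string, itemRe *regexp.Regexp) (bad []string) {
	for _, it := range items(value) {
		if !itemRe.MatchString(it) {
			bad = append(bad, it)
		}
	}
	return bad
}

// wildcardNotes lists Fetch-spec caveats for an allow-headers value containing "*".
func wildcardNotes(value string, allowCredentials bool) (notes []string) {
	star, auth := false, false
	for _, it := range items(value) {
		star, auth = star || it == "*", auth || strings.EqualFold(it, "Authorization")
	}
	if star && allowCredentials {
		notes = append(notes, "credentialed requests treat * as a literal header name")
	}
	if star && !auth {
		notes = append(notes, "Authorization is not covered by * and must be listed")
	}
	return notes
}

func main() {
	// "*" is a constructed sample annotation value.
	fmt.Println(rejected("*", allowHeadersLike), rejected("*", exposeHeadersLike), wildcardNotes("*", true))
}
```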

This issue is currently awaiting triage.

If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Oct 11 '23 10:10 k8s-ci-robot

I think you need to write step-by-step instructions/a guide that someone can copy/paste from to reproduce on a minikube/kind cluster. And also add the data like the requests you sent, the responses you got, the controller, the ingress, the logs of the controller, etc.

It will help a reader to understand the issue. Currently there is no data here that is actionable. Like there is no ingress visible as output of kubectl describe or the tcpdump showing the request and the responses.

/remove-kind bug

longwuyuan avatar Oct 11 '23 15:10 longwuyuan

@longwuyuan there is no need to do that. The code in the controller and actual documentation do not allow wildcard on allow-headers but it does on expose-headers. I clearly pointed to the actual code where the problem is; the regex value and docs need to be similar to the bit of code on expose-headers. Don't know why we have to overcomplicate things...

lebenitza avatar Oct 13 '23 08:10 lebenitza

Then it's beyond my skills. Need to wait for an expert to comment.

longwuyuan avatar Oct 13 '23 08:10 longwuyuan

This is stale, but we won't close it automatically, just bear in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any questions or requests to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.

github-actions[bot] avatar Nov 13 '23 01:11 github-actions[bot]

This would be awesome if it could be implemented! 🙏

It is a standard way https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

luarx avatar Mar 04 '24 11:03 luarx

nginx.ingress.kubernetes.io/cors-allow-headers not supporting a wildcard is weird and just created an issue on our end. The necessary code change was already pointed out. What is necessary @longwuyuan to get that shipped with the next release? :)

avodaqstephan avatar Jun 11 '24 19:06 avodaqstephan

Which PR?

longwuyuan avatar Jun 12 '24 09:06 longwuyuan

There is none (yet). Just wanted to check if more than a PR is necessary due to your statement in the past.

> Then it's beyond my skills. Need to wait for an expert to comment.

I am by no means an expert on that topic but I could try to create a PR targeting that issue.

avodaqstephan avatar Jun 12 '24 10:06 avodaqstephan

Gentle nudge to merge in the PR if it's ready. Would love to use a wildcard for cors-allow-headers.

sagar-vapi avatar Aug 24 '24 13:08 sagar-vapi

/assign

elizabeth-dev avatar Nov 22 '24 23:11 elizabeth-dev

/triage accepted /kind feature

elizabeth-dev avatar Nov 22 '24 23:11 elizabeth-dev

@elizabeth-dev: The label triage/accepted cannot be applied. Only GitHub organization members can add the label.

In response to this:

> /triage accepted /kind feature

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Nov 22 '24 23:11 k8s-ci-robot

Could we get this going?

axaru avatar Feb 27 '25 07:02 axaru

Bump! This is an extremely standard CORS feature

Firaenix avatar May 06 '25 03:05 Firaenix