oathkeeper
Can CORS settings be configured/extended per rule?
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
I would like to configure CORS settings on a rule-by-rule basis.
Describe your ideal solution
I'm using oathkeeper-maester in a Kubernetes environment to create my rules, and it would be useful to be able to adjust the CORS settings, such as allowed origins or exposed headers, per rule rather than for the whole service.
Workarounds or alternatives
I'm not sure if this is currently possible; I couldn't find anything in the docs.
Version
v0.38.15
Additional Context
No response
I would expect to have your CORS rules in your north-south microservice gateway (Emissary, Ambassador, Traefik, Contour, Kong) mapping, not in your auth service. But then you have to authorize the OPTIONS call without authentication to your services in a mapping. Example with a gRPC or gRPC-web service with an auth service, using the CRD mappings.getambassador.io:
```yaml
bypass_auth: false
connect_timeout_ms: 5000
cors:
  credentials: false
  exposed_headers:
  - x-user-agent
  - grpc-status
  - grpc-message
  - content-type
  - x-grpc-web
  headers:
  - Content-Type
  - authorization
  - x-user-agent
  - x-grpc-web
  max_age: "86400"
  methods:
  - DELETE
  - GET
  - OPTIONS
  - POST
  - PUT
  origins:
  - YOUR HOST
grpc: true
```
I agree, this is out of scope for Ory Oathkeeper - sorry :/
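
As an added illustration (not code from Oathkeeper, Ambassador, or anyone in this thread), the sketch below models per-route CORS handled at the gateway, as suggested above: each route prefix carries its own policy, and the preflight is decided without any credentials. The policy keys mirror the `cors` block quoted in the thread; the route prefixes, origins, function names and the 403 status for a rejected preflight are assumptions made for the example.

```python
# Added example. Keys mirror the `cors` block quoted in the thread; the route
# prefixes, origins and function names are constructed for illustration.
ROUTES = {
    "/grpc/": {
        "origins": ["https://app.example.com"],
        "methods": ["DELETE", "GET", "OPTIONS", "POST", "PUT"],
        "headers": ["content-type", "authorization", "x-user-agent", "x-grpc-web"],
        "credentials": False,
        "max_age": "86400",
    },
    "/public/": {
        "origins": ["https://docs.example.com"],
        "methods": ["GET", "OPTIONS"],
        "headers": ["content-type"],
        "credentials": False,
        "max_age": "600",
    },
}


def match_route(path):
    """Longest-prefix match, so each route carries its own CORS policy."""
    hits = [p for p in ROUTES if path.startswith(p)]
    return ROUTES[max(hits, key=len)] if hits else None


def preflight(path, req_headers):
    """Answer an OPTIONS preflight from Origin and Access-Control-Request-*
    alone: browsers send preflights without cookies or Authorization."""
    h = {k.lower(): v for k, v in req_headers.items()}
    policy, origin = match_route(path), h.get("origin")
    method = h.get("access-control-request-method", "")
    asked = h.get("access-control-request-headers", "")
    wanted = [x.strip().lower() for x in asked.split(",") if x.strip()]
    if (policy is None or origin not in policy["origins"]
            or method not in policy["methods"]
            or any(w not in policy["headers"] for w in wanted)):
        return 403, {}  # no CORS headers, so the browser blocks the request
    out = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": ", ".join(policy["methods"]),
        "Access-Control-Allow-Headers": ", ".join(policy["headers"]),
        "Access-Control-Max-Age": policy["max_age"],
        "Vary": "Origin",
    }
    if policy["credentials"]:
        out["Access-Control-Allow-Credentials"] = "true"
    return 200, out
```

Because the preflight never carries the caller's token, an auth layer that demands authentication on OPTIONS would reject it before the CORS policy is consulted, which is why the preflight has to be let through unauthenticated.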