Kubernetes nginx-ingress ingress controller CORS handled by application

2
votes

I am struggling to get NGINX to proxy the CORS headers back and forth from my application. The allowed origins are specified by my ASP.NET Web Application and I would like to proxy these headers back to the client. The application runnning outside of Kubernetes handles CORS headers perfectly so it appears that the application has CORS configured correctly. The Kubernetes NGINX ingress controller doesn't seem to allow me to do this as far as I can tell.

I would like to continue to allow my applicaiton to handle the allowed origins and therefore I just need to configure the NGINX reverse proxy to pass all headers. Looking at the documentation proxy_pass_request_headers is set to on by default. My previous understanding of NGINX is that this config setting is what is required when proxying to another server in order for headers to be passed backwards and forwards.

The annotations enable-cors and the various configration options around CORS outlined in the documentation are of little use to me as they assume that the Ingress Controller is the source of truth on the allowed origins. Which in my case it is not.

I would have expected this to be a common request to allow the application to handle CORS but I am struggling to find any soltions to this issue.

Many thanks in advance for any help anyone can provide!

UPDATE - Add Diagram

I have created a little diagram with my understanding of the topology here. This may well be an oversimplification of the process but hopefully you can understand what I am trying to achieve more easily. enter image description here

1
nginxiiskubernetescorswindows-container
could you share how you set the cors header in the NGINX ingress controller? try to set the Access-Control-Allow-Origin: * . you could refer this link discuss.konghq.com/t/…Jalpa Panchal
@JalpaPanchal unforunately that turns of CORS which means my application is left unprotected for my users. I have discovered what the issue was though and have left the answer below for those that are interested!Gerard Wilkinson

1 Answers

3
votes

So this was actually related to a few other issues I was having. CORS headers were not being stripped after all. I had suspicions that the CORS module wasnt configured in a typical IIS container after doing a significant amount of debugging. This was the first issue. https://github.com/microsoft/dotnet-framework-docker/issues/625

For those that are interested here is the DockerFile lines for adding in CORS with Chocolatey:

RUN Set-ExecutionPolicy Bypass -Scope Process -Force; `
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; `
    iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); `
    choco install iis-cors-module -y

The Kubernetes NGINX wasnt stripping headers and was indeed proxying all headers as normal.

A few other interesting tidbits if anyone else experiences similar issues in future: