OPSEXP-1415: Update ingress annotations for front end apps #89
Conversation
|
|
EquinoxBlack
force-pushed
the
opsexp-1415
branch
2 times, most recently
from
2eb1189 to
9c104a9
Compare
| annotations: | ||
| kubernetes.io/ingress.class: nginx | ||
| nginx.ingress.kubernetes.io/enable-cors: "true" | ||
| nginx.ingress.kubernetes.io/cors-allow-headers: Authorization, Content-Type, Accept |
There was a problem hiding this comment.
spec doesn't loook that affirmative about Accept header. Looks to me it can depend on actual field value too https://fetch.spec.whatwg.org/#cors-safelisted-request-header
@EquinoxBlack do we know what the value of the accept field can be?
There was a problem hiding this comment.
@alxgomz not really, I was referencing this here https://github.com/Alfresco/alfresco-process-infrastructure-deployment/blob/develop/helm/alfresco-process-infrastructure/values.yaml#L506 cc @gionn
There was a problem hiding this comment.
then do you mind trying without setting the cors-allow-headers annotation? Just to make sure we're not allowing dodgy requests by-passing the additional restriction the spec enforces?
There was a problem hiding this comment.
yep, right now trying to test without it. Will get back here when finished
There was a problem hiding this comment.
Looks to me it can depend on actual field value too https://fetch.spec.whatwg.org/#cors-safelisted-request-header
didn't notice that before (it was present also on mozilla.org page), however it's more oriented to avoid that invalid values for that field return an affirmative cors response, I think it will be fine removing cors-allow-headers directive
There was a problem hiding this comment.
@alxgomz all passed without 'cors-allow-headers' annotation. Updated pr
EquinoxBlack
force-pushed
the
opsexp-1415
branch
from
9c104a9 to
8db8a9c
Compare
No description provided.