CORS rules nginx-ingress rules
Add the annotation to enable CORS
:
nginx.ingress.kubernetes.io/enable-cors: "true"
Be aware that the string "*" cannot be used for a resource that supports credentials (https://www.w3.org/TR/cors/#resource-requests), try with your domain list (comma separated) instead of *
You can create a second Ingress, with a different domain and cors origin, directing to the same destination. Not the best solution but it works.
Or:
kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/configuration-snippet: | more_set_headers "Access-Control-Allow-Origin: $http_origin"; nginx.ingress.kubernetes.io/cors-allow-credentials: "true" nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH nginx.ingress.kubernetes.io/enable-cors: "true"
But attention $http_origin is allowing every origin!
This is a fairly requested feature: https://github.com/kubernetes/ingress-nginx/issues/5496
As a current workaround you can use the following snippet to define more than one domain for CORS: https://github.com/kubernetes/ingress-nginx/issues/5496#issuecomment-662798662
A PR has already been submitted and waits for completion. So this should roll out natively during one of the coming releases: https://github.com/kubernetes/ingress-nginx/pull/7134