Kubernetes nginx-ingress ingress controller CORS handled by application
So this was actually related to a few other issues I was having. CORS headers were not being stripped after all. I had suspicions that the CORS module wasnt configured in a typical IIS container after doing a significant amount of debugging. This was the first issue. https://github.com/microsoft/dotnet-framework-docker/issues/625
For those that are interested here is the DockerFile lines for adding in CORS with Chocolatey:
RUN Set-ExecutionPolicy Bypass -Scope Process -Force; ` [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; ` iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); ` choco install iis-cors-module -y
The Kubernetes NGINX wasnt stripping headers and was indeed proxying all headers as normal.
A few other interesting tidbits if anyone else experiences similar issues in future:
- ASP.NET Applications really dont like being behind reverse proxies. There may be other issues that will raise their head later but to start with they check a property called
IsSecureConnection
when returning a WebForms page (presumably something similar happens with MVC). Scripts are often set to match what it presumes the scheme is (http not https). This then causes errors in modern browsers. Refer to the following SO posts for this: Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox? How to add meta tag to ASP.Net content page - After you have done this we then have some lovely Telerik nonsense if you were unlucky enough to have these controls embedded in your site. Telerik (Progress) in their infinite wisdom use a different URL for their HTTPS CDN links. Which dont nicely upgrade. The following forums helped me out here: https://www.telerik.com/forums/cdn-not-pulling-from-the-right-location-under-ssl