[英]Kubernetes nginx-ingress ingress controller CORS handled by application
I am struggling to get NGINX to proxy the CORS headers back and forth from my application.我正在努力让 NGINX 在我的应用程序中来回代理 CORS 标头。 The allowed origins are specified by my ASP.NET Web Application and I would like to proxy these headers back to the client.允许的来源由我的 ASP.NET Web 应用程序指定,我想将这些标头代理回客户端。 The application runnning outside of Kubernetes handles CORS headers perfectly so it appears that the application has CORS configured correctly.在 Kubernetes 之外运行的应用程序可以完美地处理 CORS 标头,因此看起来应用程序的 CORS 配置正确。 The Kubernetes NGINX ingress controller doesn't seem to allow me to do this as far as I can tell.据我所知,Kubernetes NGINX 入口 controller 似乎不允许我这样做。
I would like to continue to allow my applicaiton to handle the allowed origins and therefore I just need to configure the NGINX reverse proxy to pass all headers.我想继续允许我的应用程序处理允许的来源,因此我只需要配置 NGINX 反向代理来传递所有标头。 Looking at the documentation proxy_pass_request_headers
is set to on
by default.查看文档proxy_pass_request_headers
默认设置为on
。 My previous understanding of NGINX is that this config setting is what is required when proxying to another server in order for headers to be passed backwards and forwards.我之前对 NGINX 的理解是,此配置设置是代理到另一台服务器时所必需的,以便向后和向前传递标头。
The annotations enable-cors
and the various configration options around CORS outlined in the documentation are of little use to me as they assume that the Ingress Controller is the source of truth on the allowed origins.文档中概述的注释enable-cors
和围绕 CORS 的各种配置选项对我来说几乎没有用,因为他们假设 Ingress Controller 是允许来源的真实来源。 Which in my case it is not.在我的情况下不是。
I would have expected this to be a common request to allow the application to handle CORS but I am struggling to find any soltions to this issue.我原以为这是允许应用程序处理 CORS 的常见请求,但我正在努力寻找解决此问题的方法。
Many thanks in advance for any help anyone can provide!非常感谢任何人都可以提供的任何帮助!
I have created a little diagram with my understanding of the topology here.根据我对拓扑的理解,我创建了一个小图。 This may well be an oversimplification of the process but hopefully you can understand what I am trying to achieve more easily.这很可能是对过程的过度简化,但希望你能更容易地理解我想要实现的目标。
So this was actually related to a few other issues I was having.所以这实际上与我遇到的其他一些问题有关。 CORS headers were not being stripped after all. CORS 接头毕竟没有被剥离。 I had suspicions that the CORS module wasnt configured in a typical IIS container after doing a significant amount of debugging.在进行大量调试后,我怀疑 CORS 模块未在典型的 IIS 容器中配置。 This was the first issue.这是第一个问题。 https://github.com/microsoft/dotnet-framework-docker/issues/625 https://github.com/microsoft/dotnet-framework-docker/issues/625
For those that are interested here is the DockerFile lines for adding in CORS with Chocolatey:对于那些在这里感兴趣的是 DockerFile 行,用于添加带有 Chocolatey 的 CORS:
RUN Set-ExecutionPolicy Bypass -Scope Process -Force; `
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; `
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); `
choco install iis-cors-module -y
The Kubernetes NGINX wasnt stripping headers and was indeed proxying all headers as normal. Kubernetes NGINX 没有剥离标头,并且确实正常代理所有标头。
A few other interesting tidbits if anyone else experiences similar issues in future:如果其他人将来遇到类似问题,还有其他一些有趣的花絮:
IsSecureConnection
when returning a WebForms page (presumably something similar happens with MVC).可能会有其他问题稍后会引起他们的注意,但首先他们会在返回 WebForms 页面时检查一个名为IsSecureConnection
的属性(大概类似的事情发生在 MVC 上)。 Scripts are often set to match what it presumes the scheme is (http not https).脚本通常设置为与它假定的方案相匹配(http 不是 https)。 This then causes errors in modern browsers.这会导致现代浏览器出现错误。 Refer to the following SO posts for this: Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?请参阅以下 SO 帖子: 为什么我在 Firefox 中突然出现“阻止加载混合活动内容”问题? How to add meta tag to ASP.Net content page 如何将元标记添加到 ASP.Net 内容页面
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.