Reputation: 1180
How To Add Preflight Missing Allow-Origin Header In Kubernetes Gateway API
We are leveraging the power of Kubernetes Gateway API to use it capabilities in Gateway and HTTPRoute.
We have a simple Gateway resource that uses a GKE External Global LoadBalancer. Below shows the full manifest code
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: external-http
namespace: infra-ns
spec:
gatewayClassName: gke-l7-global-external-managed
listeners:
- name: https
protocol: HTTPS
port: 443
allowedRoutes:
namespaces:
from: Selector
selector:
matchLabels:
shared-gateway-access: "true"
tls:
mode: Terminate
options:
networking.gke.io/pre-shared-certs: ipos-cert
addresses:
- type: NamedAddress
value: "l7lb-external-ip-address"
This Gateway is attached to multiple HTTPRoutes like so
rules:
- matches:
- path:
value: /api/v1/service
backendRefs:
- name: example-service
port: 80
The setup work well when requests are sent from code application clients. The problem is if request is sent through browser, we get a Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader and request status says CORS error
How can we add the missing Allow Origin Header using Kubernetes Gateway API
Upvotes: 1
Views: 1283
Answers (2)
Reputation: 250
I want to add my side on how i solved this issue as Gari Singh said you have to do it in application level which i did and i tried a lot of implementations but none worked, only by chance when i saw the GKE cluster logs and there was an issue in health checks that is implemented by default by GKE gatewayAPI i had to configure my service to send a 200 ok status as a respond to /GET request, you can see this in official docs gatewayAPI Restrictions and Limitations, the part we are interested in is
GKE Gateway behaves differently than Ingress, in that Gateway does not infer health check parameters. If your Service does not return 200 for requests to GET /, or you have other tuned pod readiness checks, you need to configure a HealthCheckPolicy for your service.
The context is if your back-end service is not healthy the traffic will not be sent to it so all requests from frontend to backend will report a CORS error. so i hope this saves someone time who may not be an expert like me.
Upvotes: 0
Reputation: 12053
CORS support is on the GKE Gateway roadmap, but for now you will need to add support from within your application backend.
Upvotes: 3
Related Questions
- S3 - Access-Control-Allow-Origin Header
- How does the 'Access-Control-Allow-Origin' header work?
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
- API Gateway CORS: no 'Access-Control-Allow-Origin' header
- No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
- How to use Gateway API with Kong on GKE?
- Response to preflight request doesn't pass access control check - No 'Access-Control-Allow-Origin' header