Ambassador seem to be ignoring CORS on mapping for external service

emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy

https://www.getambassador.io

Apache License 2.0

4.37k stars 687 forks source link

Ambassador seem to be ignoring CORS on mapping for external service #793

Closed lalit-pundir closed 5 years ago

lalit-pundir commented 6 years ago

We have added CORS on module level ->

metadata: name: ambassador namespace: development annotations: getambassador.io/config: |

  apiVersion: ambassador/v0
  kind: Module
  name: ambassador
  ambassador_id: ambassador-development
  config:
    cors:
      origins: http://foo.example,http://bar.example   
      headers: Content-Type
      credentials: true

Which seem to be working fine for internal services like ->

annotations: getambassador.io/config: |

  apiVersion: ambassador/v0
  kind:  Mapping
  name:  getuserinfo_mapping
  prefix: /getuserinfo/
  service: getuserinfo
  ambassador_id: ambassador-development

But the same CORS setting are not working when we have mapping for external service ->

metadata: annotations: getambassador.io/config: |

    apiVersion: ambassador/v0
    kind:  Mapping
    name:  httpbin_mapping
    prefix: /httpbin/
    service: httpbin.org:80
    host_rewrite: httpbin.org
    ambassador_id: ambassador-development

Can you please suggest ....

iNoahNothing commented 6 years ago

What makes you think CORS settings are not applying to the httpbin mapping?

iNoahNothing commented 6 years ago

Other resources not appearing when accessing httpbin from an Ambassador mapping is not due to a CORS issue. If you take a look at the network traffic when accessing the httpbin mapping, you will see multiple failed resource requests. If you inspect one of these requests (let's use jquery.min.js) and take a look at the headers, you will see that the request URL is http://<ambassador-ip>/flasgger_static/%20lib/jquery.min.js which results in a 404 because it is looking for a resource on your host that does not exist.

The way to avoid this error is to use host_redirect in the mapping so the host for the jquery.min.js request is httpbin.org:

      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  httpbin_mapping
      prefix: /httpbin/
      host_redirect: true
      path_redirect: /
      service: httpbin.org:80
      host_rewrite: httpbin.org

lalit-pundir commented 6 years ago

I think we are already making use of host-redirect :-> metadata: annotations: getambassador.io/config: |

apiVersion: ambassador/v0 kind: Mapping name: httpbin_mapping prefix: /httpbin/ service: httpbin.org:80 host_rewrite: httpbin.org ambassador_id: ambassador-development

"What makes you think CORS settings are not applying to the httpbin mapping?" Tried adding CORS seting for both internal and external service. I was able to get "Origin not allowed" for internal service , while the same does not give any error in case of external service.

As CORS setting for external service does not seem to have any effect thus we are saying it does not seem to be working with external service

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

sai3010 commented 4 years ago

I'm also facing this issue with ambassador edge stack, any fixes on this? I tried implementing above config but CORS issue is not getting resolved for external Auth