From f8bacc379bc78719b01c4981f0eb8fa81ab597ea Mon Sep 17 00:00:00 2001 From: Izabela Gomes Date: Mon, 13 May 2024 14:42:47 -0400 Subject: [PATCH] set cors policy in httpproxies only for external visibility --- pkg/reconciler/contour/resources/httpproxy.go | 2 +- .../contour/resources/httpproxy_test.go | 62 +------------------ 2 files changed, 2 insertions(+), 62 deletions(-) diff --git a/pkg/reconciler/contour/resources/httpproxy.go b/pkg/reconciler/contour/resources/httpproxy.go index 6178d2b73..4b6a6075c 100644 --- a/pkg/reconciler/contour/resources/httpproxy.go +++ b/pkg/reconciler/contour/resources/httpproxy.go @@ -305,7 +305,7 @@ func MakeHTTPProxies(ctx context.Context, ing *v1alpha1.Ingress, serviceToProtoc Fqdn: host, } - if cfg.Contour.CORSPolicy != nil { + if cfg.Contour.CORSPolicy != nil && rule.Visibility == v1alpha1.IngressVisibilityExternalIP { hostProxy.Spec.VirtualHost.CORSPolicy = cfg.Contour.CORSPolicy } diff --git a/pkg/reconciler/contour/resources/httpproxy_test.go b/pkg/reconciler/contour/resources/httpproxy_test.go index 8e965437b..a6da35b22 100644 --- a/pkg/reconciler/contour/resources/httpproxy_test.go +++ b/pkg/reconciler/contour/resources/httpproxy_test.go @@ -2575,7 +2575,7 @@ func TestMakeProxiesCORSPolicy(t *testing.T) { }, }}, }, { - name: "set corsPolicy values for cluster local visibility", + name: "do not set corsPolicy values for cluster local visibility", ing: &v1alpha1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Namespace: "foo", @@ -2628,26 +2628,6 @@ func TestMakeProxiesCORSPolicy(t *testing.T) { Spec: v1.HTTPProxySpec{ VirtualHost: &v1.VirtualHost{ Fqdn: "bar.foo", - CORSPolicy: &v1.CORSPolicy{ - AllowCredentials: true, - AllowOrigin: []string{ - "*", - }, - AllowMethods: []v1.CORSHeaderValue{ - "GET", - "POST", - "OPTIONS", - }, - AllowHeaders: []v1.CORSHeaderValue{ - "authorization", - "cache-control", - }, - ExposeHeaders: []v1.CORSHeaderValue{ - "Content-Length", - "Content-Range", - }, - MaxAge: "10m", - }, }, Routes: []v1.Route{{ EnableWebsockets: true, @@ -2730,26 +2710,6 @@ func TestMakeProxiesCORSPolicy(t *testing.T) { Spec: v1.HTTPProxySpec{ VirtualHost: &v1.VirtualHost{ Fqdn: "bar.foo.svc", - CORSPolicy: &v1.CORSPolicy{ - AllowCredentials: true, - AllowOrigin: []string{ - "*", - }, - AllowMethods: []v1.CORSHeaderValue{ - "GET", - "POST", - "OPTIONS", - }, - AllowHeaders: []v1.CORSHeaderValue{ - "authorization", - "cache-control", - }, - ExposeHeaders: []v1.CORSHeaderValue{ - "Content-Length", - "Content-Range", - }, - MaxAge: "10m", - }, }, Routes: []v1.Route{{ EnableWebsockets: true, @@ -2832,26 +2792,6 @@ func TestMakeProxiesCORSPolicy(t *testing.T) { Spec: v1.HTTPProxySpec{ VirtualHost: &v1.VirtualHost{ Fqdn: "bar.foo.svc.cluster.local", - CORSPolicy: &v1.CORSPolicy{ - AllowCredentials: true, - AllowOrigin: []string{ - "*", - }, - AllowMethods: []v1.CORSHeaderValue{ - "GET", - "POST", - "OPTIONS", - }, - AllowHeaders: []v1.CORSHeaderValue{ - "authorization", - "cache-control", - }, - ExposeHeaders: []v1.CORSHeaderValue{ - "Content-Length", - "Content-Range", - }, - MaxAge: "10m", - }, }, Routes: []v1.Route{{ EnableWebsockets: true,