Can Ambassador handle CORS requests?

5/31/2019

I'm sorry if this is a very ignorant question but is it possible for Ambassador to truly handle CORS headers and pre-flight OPTION responses?

The docs (https://www.getambassador.io/reference/cors) seem kind of ambiguous to me, if there are just hooks to prevent requests, or if it can truly respond on behalf of the services.

Here's my situation: I've got Ambassador in front of all the http requests to some microservices. For [reasons] we now need a separate domain to make requests into the same Ambassador.

I have an AuthService configured, and according to the docs "When you use external authorization, each incoming request is authenticated before routing to its destination, including pre-flight OPTIONS requests." Which makes perfect sense, and that's what I'm seeing. My AuthService is configured to allow things correctly and that seems to be working. The AuthService responds with the appropriate headers, but Ambassador seems to just ignore that and only cares if the AuthService responds with a 200 or not. (Which seems totally reasonable.)

I have this annotated on my ambassador module:

getambassador.io/config: |
  --- 
  apiVersion: ambassador/v1
  kind:  Module
  name:  ambassador
  config:
    service_port: 8080
    cors:
      origins: [my domain here]
      credentials: true

And that doesn't seem to do what I'd expect, which is handle the CORS headers and pre-flight... instead it forwards it on to the service to handle all the CORS stuff.

-- xbakesx
ambassador
cors
kubernetes
microservices

1 Answer

5/31/2019

Turns out, by specifying headers: "Content-Type" in the cors configuration, things just started to work. Apparently that's not as optional as I thought.

So this is now my module:

getambassador.io/config: |
--- 
apiVersion: ambassador/v1
kind:  Module
name:  ambassador
config:
  service_port: 8080
  cors:
    origins: [my domain here]
    headers: "Content-Type"
    credentials: true
-- xbakesx
Source: StackOverflow