I am struggling to get NGINX to proxy the CORS headers back and forth from my application. The allowed origins are specified by my ASP.NET Web Application and I would like to proxy these headers back to the client. The application runnning outside of Kubernetes handles CORS headers perfectly so it appears that the application has CORS configured correctly. The Kubernetes NGINX ingress controller doesn't seem to allow me to do this as far as I can tell.
I would like to continue to allow my applicaiton to handle the allowed origins and therefore I just need to configure the NGINX reverse proxy to pass all headers. Looking at the documentation proxy_pass_request_headers
is set to on
by default. My previous understanding of NGINX is that this config setting is what is required when proxying to another server in order for headers to be passed backwards and forwards.
The annotations enable-cors
and the various configration options around CORS outlined in the documentation are of little use to me as they assume that the Ingress Controller is the source of truth on the allowed origins. Which in my case it is not.
I would have expected this to be a common request to allow the application to handle CORS but I am struggling to find any soltions to this issue.
Many thanks in advance for any help anyone can provide!
I have created a little diagram with my understanding of the topology here. This may well be an oversimplification of the process but hopefully you can understand what I am trying to achieve more easily.
So this was actually related to a few other issues I was having. CORS headers were not being stripped after all. I had suspicions that the CORS module wasnt configured in a typical IIS container after doing a significant amount of debugging. This was the first issue. https://github.com/microsoft/dotnet-framework-docker/issues/625
For those that are interested here is the DockerFile lines for adding in CORS with Chocolatey:
RUN Set-ExecutionPolicy Bypass -Scope Process -Force; `
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; `
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); `
choco install iis-cors-module -y
The Kubernetes NGINX wasnt stripping headers and was indeed proxying all headers as normal.
A few other interesting tidbits if anyone else experiences similar issues in future:
IsSecureConnection
when returning a WebForms page (presumably something similar happens with MVC). Scripts are often set to match what it presumes the scheme is (http not https). This then causes errors in modern browsers. Refer to the following SO posts for this: https://stackoverflow.com/questions/18251128/why-am-i-suddenly-getting-a-blocked-loading-mixed-active-content-issue-in-fire https://stackoverflow.com/questions/6198726/how-to-add-meta-tag-to-asp-net-content-page