Template: Fix faulty CORS headers handling. #12424
Conversation
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: elizabeth-dev The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
needs-triage
|
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
needs-kind
|
Hi @elizabeth-dev. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
✅ Deploy Preview for kubernetes-ingress-nginx ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
k8s-ci-robot
added
the
size/XL
|
@Gacko in that case we can prioritize and merge the NJS PR first, and then add this on top of it as just a fix |
|
Yes, makes sense! Sadly we can first release it in v1.13. Also I wouldn't word it as a fix then. Does this make sense? |
|
@Gacko hmm, not sure if I understand. you wouldn't tag the other PR (adding NJS + some migrations) as a fix, I agree with that, but once that is merged whenever, we can put this change on top, then it'd just be the scripting part, and that would pass as "just a fix" for me, since no new modules would be added and the logic would stay the same (but working as expected) or do you prefer to pass both changes as new features? |
|
Hm, yeah, you're right. We can consider this a fix. It's just a bit complex as we are also changing the whole framework the implementation is based on. |
|
well, that's settled then. we'll see if we can fix the build issues soon /hold |
k8s-ci-robot
added
the
do-not-merge/hold
Signed-off-by: Anurag Rajawat <[email protected]>
Gacko
changed the title
elizabeth-dev
force-pushed
the
fix-cors-headers
branch
from
c291656 to
49ab05e
Compare
What this PR does / why we need it:
CORS headers handling implementation has been producing inconsistent results for a bit due to the unusual way Nginx handles
ifdirectives (essentially, they are to includereturnandrewritedirectives only inside them). This change recreates the exact same logic we were trying to apply whe handling CORS, but using NJS scripting.This also includes the NJS module into our custom build of Nginx, since it was going to be necessary for #12383 anyway.
Types of changes
Which issue/s this PR fixes
fixes #10267
How Has This Been Tested?
Test cases including multiple origin, headers, and methods have been run using curl, in order to ensure all the different CORS headers behave accordingly to the different annotation values we allow. This also included the specific configuration a user reported failing in the linked issue.
Additionally, most of the CORS e2e test suite has been revised and improved, relying more on actually checking the result of HTTP requests rather than just checking the contents of the nginx.conf file.
Checklist: