I have this issue:
Access to XMLHttpRequest at 'https://example.org:8443/main.MyService/Ping' from origin 'https://example.org' has been blocked by CORS policy: Request header field x-user-agent is not allowed by Access-Control-Allow-Headers in preflight response.
My envoy:
# Admin settings
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address:
address: 0.0.0.0
port_value: 9901
# Static resource configurations
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 8443
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
cors:
allow_origin_string_match:
- safe_regex:
google_re2: {}
regex: '^https?://example.org:[0-9]{4,5}$'
allow_headers: "authorization, keep-alive, user-agent, cache-control, content-type, content-transfer-encoding, custom-header-1, x-accept-content-transfer-encoding, x-accept-response-streaming, x-grpc-web, x-user-agent, grpc-timeout"
allow_methods: "GET, POST, OPTIONS"
max_age: "1d"
routes:
- match:
prefix: "/"
headers:
- name: ":method"
exact_match: "OPTIONS"
direct_response:
status: 200
- match:
prefix: "/auth/google/callback"
route:
cluster: sample_cluster
timeout:
seconds: 60
- match:
prefix: "/"
route:
cluster: sample_cluster
timeout:
seconds: 60
request_headers_to_remove: ["x-user-agent"]
response_headers_to_remove: ["x-user-agent"]
response_headers_to_add:
- header:
key: "Access-Control-Allow-Origin"
value: "https://example.org"
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
# HTTP filter settings
http_filters:
# gRPC-Web filter
- name: envoy.filters.http.grpc_web
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
# CORS filter
- name: envoy.filters.http.cors
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
# HTTP router filter
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
transport_socket: # Corrected indentation level
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
common_tls_context:
tls_certificates:
- certificate_chain: {filename: "/etc/envoy/origin-public.pem"}
private_key: {filename: "/etc/envoy/origin-private.pem"}
# Cluster settings
clusters:
- name: sample_cluster
connect_timeout: 0.25s
type: logical_dns
http2_protocol_options: {}
load_assignment:
cluster_name: sample_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: backend # Change to your gRPC server address
port_value: 50051 # Change to your gRPC server port
2
Answers
This configure resolves my issue:
I am suggesting, confirm host service, then add ‘{http or https}://{localhost or the other}:{port} to CORS white list.