
I have this issue:

Access to XMLHttpRequest at 'https://example.org:8443/main.MyService/Ping' from origin 'https://example.org' has been blocked by CORS policy: Request header field x-user-agent is not allowed by Access-Control-Allow-Headers in preflight response.


My Envoy configuration:

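# Admin settings
# The Envoy admin interface has no authentication and serves config dumps,
# stats and state-changing endpoints, so it is bound to loopback here instead
# of all interfaces (0.0.0.0). If it must be reached from another host, put it
# behind an authenticated proxy or a network policy rather than widening this
# address.
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9901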

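# Static resource configurations
static_resources:
  listeners:
    # Public HTTPS listener for gRPC-Web traffic.
    - name: listener_0
      address:
        socket_address:
          address: 0.0.0.0
          port_value: 8443
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                codec_type: auto
                stat_prefix: ingress_http
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      domains: ["*"]
                      # CORS policy evaluated by the envoy.filters.http.cors filter.
                      cors:
                        allow_origin_string_match:
                          # The dot is escaped so that only the literal host
                          # "example.org" matches; an unescaped "." matches any
                          # character and would admit look-alike hosts.
                          # NOTE(review): the pattern requires an explicit 4-5
                          # digit port and also accepts plain-http origins. The
                          # origin in the reported error is https://example.org
                          # (no port); if that is the real Origin header, it
                          # does not match here and the CORS filter will not
                          # answer the preflight - confirm against the browser's
                          # request.
                          - safe_regex:
                              google_re2: {}
                              regex: '^https?://example\.org:[0-9]{4,5}$'
                        allow_headers: "authorization, keep-alive, user-agent, cache-control, content-type, content-transfer-encoding, custom-header-1, x-accept-content-transfer-encoding, x-accept-response-streaming, x-grpc-web, x-user-agent, grpc-timeout"
                        allow_methods: "GET, POST, OPTIONS"
                        # Access-Control-Max-Age is a number of seconds; "1d" is
                        # not a valid value for that header. 86400 s = 1 day.
                        max_age: "86400"
                      routes:
                        # NOTE(review): any OPTIONS request the CORS filter did
                        # not answer lands here and gets a bare 200 that carries
                        # no Access-Control-Allow-Headers. That presumably
                        # produces the browser error quoted in the question and
                        # hides origin mismatches - verify, and consider
                        # dropping this route.
                        - match:
                            prefix: "/"
                            headers:
                              - name: ":method"
                                exact_match: "OPTIONS"
                          direct_response:
                            status: 200
                        - match:
                            prefix: "/auth/google/callback"
                          route:
                            cluster: sample_cluster
                            timeout:
                              seconds: 60
                        - match:
                            prefix: "/"
                          route:
                            cluster: sample_cluster
                            timeout:
                              seconds: 60
                  request_headers_to_remove: ["x-user-agent"]
                  response_headers_to_remove: ["x-user-agent"]
                  # NOTE(review): this adds Access-Control-Allow-Origin to every
                  # response regardless of the request's Origin, bypassing the
                  # origin check in the cors policy above. On responses the CORS
                  # filter has already decorated it may yield two values for the
                  # header, which browsers reject. Prefer letting the CORS
                  # filter emit this header on its own.
                  response_headers_to_add:
                    - header:
                        key: "Access-Control-Allow-Origin"
                        value: "https://example.org"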

                # Access logging for this connection manager goes to stdout.
                access_log:
                  - name: 'envoy.access_loggers.stdout'
                    typed_config:
                      "@type": 'type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog'
                # HTTP filters run in the order listed; the router comes last.
                http_filters:
                  # Translates gRPC-Web requests for the gRPC upstream.
                  - name: 'envoy.filters.http.grpc_web'
                    typed_config:
                      "@type": 'type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb'
                  # Applies the virtual host's cors policy (origin check, preflight).
                  - name: 'envoy.filters.http.cors'
                    typed_config:
                      "@type": 'type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors'
                  # Forwards the request to the cluster chosen by the route table.
                  - name: 'envoy.filters.http.router'
                    typed_config:
                      "@type": 'type.googleapis.com/envoy.extensions.filters.http.router.v3.Router'

          # TLS is terminated on this filter chain (sibling of `filters`).
          # The private key file should be readable only by the Envoy process.
          transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
              common_tls_context:
                tls_certificates:
                  - certificate_chain:
                      filename: "/etc/envoy/origin-public.pem"
                    private_key:
                      filename: "/etc/envoy/origin-private.pem"
               
  # Upstream clusters
  clusters:
    - name: sample_cluster
      type: logical_dns
      connect_timeout: 0.25s
      # Speak HTTP/2 to the upstream, as gRPC requires.
      http2_protocol_options: {}
      # No transport_socket is set on this cluster, so the hop from Envoy to
      # the backend is not TLS-protected; keep it on a trusted network.
      load_assignment:
        cluster_name: sample_cluster
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    # Replace with your gRPC server's address and port.
                    socket_address: {address: backend, port_value: 50051}

2

Answers


  1. Chosen as BEST ANSWER

    This configuration resolved my issue:

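    # The Envoy admin interface has no authentication and serves config dumps,
    # stats and state-changing endpoints, so it is bound to loopback here
    # instead of all interfaces (0.0.0.0). If it must be reached from another
    # host, put it behind an authenticated proxy or a network policy.
    admin:
      access_log_path: /tmp/admin_access.log
      address:
        socket_address: { address: 127.0.0.1, port_value: 9901 }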
    
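    static_resources:
      listeners:
        # Public HTTPS listener for gRPC-Web traffic.
        - name: listener_0
          address:
            socket_address: { address: 0.0.0.0, port_value: 8443 }
          filter_chains:
            - filters:
              - name: envoy.filters.network.http_connection_manager
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                  codec_type: auto
                  stat_prefix: ingress_http
                  route_config:
                    name: local_route
                    virtual_hosts:
                      - name: local_service
                        domains: ["*"]
                        routes:
                          - match: { prefix: "/" }
                            route:
                              cluster: sample_cluster
                              # timeout: 0s disables the route timeout, and
                              # grpc_timeout_header_max: 0s applies the client's
                              # grpc-timeout header without a cap, so a client
                              # decides how long a stream stays open. Set
                              # finite limits if callers are untrusted.
                              timeout: 0s
                              max_stream_duration:
                                grpc_timeout_header_max: 0s
                        # CORS policy evaluated by the envoy.filters.http.cors filter.
                        cors:
                          allow_origin_string_match:
                            # The dot is escaped so that only the literal host
                            # "kwapia.org" matches; an unescaped "." matches any
                            # character and would admit look-alike hosts.
                            # NOTE(review): the pattern requires an explicit
                            # 4-5 digit port and also accepts plain-http
                            # origins - confirm both are intended.
                            - safe_regex:
                                google_re2: {}
                                regex: '^https?://kwapia\.org:[0-9]{4,5}$'
                          allow_methods: GET, POST, OPTIONS
                          allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
                          # Seconds (20 days); browsers cap the preflight cache
                          # at a much lower value.
                          max_age: "1728000"
                          expose_headers: custom-header-1,grpc-status,grpc-message
                    # NOTE(review): this adds Access-Control-Allow-Origin to
                    # every response regardless of the request's Origin,
                    # bypassing the origin check in the cors policy above. On
                    # responses the CORS filter has already decorated it may
                    # yield two values for the header, which browsers reject.
                    # Prefer letting the CORS filter emit this header.
                    response_headers_to_add:
                      - header:
                          key: "Access-Control-Allow-Origin"
                          value: "https://kwapia.org"
                  # HTTP filters run in the order listed; the router comes last.
                  http_filters:
                    - name: envoy.filters.http.grpc_web
                      typed_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
                    - name: envoy.filters.http.cors
                      typed_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
                    - name: envoy.filters.http.router
                      typed_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
              # TLS is terminated on this filter chain (sibling of `filters`).
              # The private key file should be readable only by the Envoy process.
              transport_socket:
                name: envoy.transport_sockets.tls
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
                  common_tls_context:
                    tls_certificates:
                    - certificate_chain: {filename: "/etc/envoy/origin-public.pem"}
                      private_key: {filename: "/etc/envoy/origin-private.pem"}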
      # Upstream clusters
      clusters:
        - name: sample_cluster
          type: logical_dns
          connect_timeout: 0.25s
          # Speak HTTP/2 to the upstream, as gRPC requires.
          http2_protocol_options: {}
          # No transport_socket is set on this cluster, so the hop from Envoy
          # to the backend is not TLS-protected; keep it on a trusted network.
          load_assignment:
            cluster_name: sample_cluster
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        # Replace with your gRPC server's address and port.
                        socket_address: {address: backend, port_value: 50051}
    

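  2. I suggest confirming which host serves the page, then adding its origin, in the form `{http or https}://{localhost or other host}:{port}`, to the CORS allow list. The entry has to match the browser's Origin header exactly (scheme, host and port).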
