跨域问题

跨域设置涉及的几个header如下：

Access-Control-Allow-Origin:
Access-Control-Expose-Headers:
Access-Control-Max-Age:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods:
Access-Control-Allow-Headers: 

# ingress
nginx.ingress.kubernetes.io/enable-cors: 
nginx.ingress.kubernetes.io/cors-allow-methods:
nginx.ingress.kubernetes.io/cors-allow-headers: 
nginx.ingress.kubernetes.io/cors-expose-headers: 
nginx.ingress.kubernetes.io/cors-allow-origin: 
nginx.ingress.kubernetes.io/cors-allow-credentials:
nginx.ingress.kubernetes.io/cors-max-age:

控制台里一般会打印出跨域的错误信息，如果其中有preflight关键字，一般都是option预检请求

login:1 Access to XMLHttpRequest at 'https://foo.cn/passport/usersv2/getimagecode' from origin 'https://bar.cn' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

那么nginx的conf文件配置一般如下：

add_header Access-Control-Max-Age 2592000;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, PUT, HEAD, OPTIONS';
add_header Access-Control-Allow-Headers '*';

nginx ingress注解如下：

nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, PATCH, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"
nginx.ingress.kubernetes.io/cors-expose-headers: "*, X-CustomResponseHeader"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://origin-site.com:4443, http://origin-site.com, https://example.org:1199"
nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.origin-site.com:4443, http://*.origin-site.com, https://example.org:1199"
nginx.ingress.kubernetes.io/cors-allow-credentials: "false"
nginx.ingress.kubernetes.io/cors-max-age: 1728000

如果preflight请求中有http cookie，则需要打开credentials开关

nginx.ingress.kubernetes.io/enable-cors: "true"

Access-Control-Allow-Credentials: true

跨域相关文档地址：

https://developer.mozilla.org/zh-CN/docs/Web/HTTP/CORS

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/