


















Starting with NGINX Ingress Controller (NIC) v5.4.0, you can define CORS behavior once in a Policy resource and apply it consistently across both VirtualServer and Ingress traffic paths.
Across this blog, we’re focused on:
VirtualServer and Ingress.Many teams start with per-resource tuning and quickly end up with drift. Using a dedicated Policy for CORS gives you:
At a high level:
Policy resource with spec.corsVirtualServer.spec.policies (or route/subroute policies)Ingress via the nginx.org/policies annotationExample CORS Policy:
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
name: cors-policy
spec:
cors:
allowOrigin:
- https://app.example.com
allowMethods:
- GET
- POST
- PUT
- OPTIONS
allowHeaders:
- Content-Type
- Authorization
- X-Requested-With
exposeHeaders:
- X-Total-Count
- X-Page-Size
allowCredentials: true
maxAge: 86400
Example of VirtualServer referencing above CORS Policy:
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: webapp
spec:
host: webapp.example.com
policies:
- name: cors-policy
upstreams:
- name: webapp
service: webapp-svc
port: 80
routes:
- path: /test
action:
pass: webapp
Example of Ingress referencing above CORS Policy:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cafe-ingress
annotations:
nginx.org/policies: "cors-policy"
spec:
ingressClassName: nginx
rules:
- host: cafe.example.com
http:
paths:
- path: /tea
pathType: Prefix
backend:
service:
name: tea-svc
port:
number: 80
Important behavior to remember:
VirtualServer and Ingress.VirtualServer, route/subroute policies override same-type policy at spec level.allowCredentials: true), explicit origins are required.Before rollout, validate these explicitly:
Access-Control-Allow-Origin.allowCredentials: true is only used with explicit origins (not *).CORS is a browser enforcement boundary, so keep it tight:
allowCredentials as high trust; use narrowly scoped origins.You can find complete working examples on github and more documentation in our docs:

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。