istiooauth2-proxy

CORS with Istio and oauth2-proxy


I have added corsPolicy on my Istio Virtual Service route so that the response contains the appropriate Access-Control-Allow-Origin header when the request contains an Origin header. It works well.

I have added oauth2-proxy using an AuthorizationPolicy with CUSTOM action. Now the response doesn't contain the Access-Control-Allow-Origin header anymore, even after successful authentication.

Is there something to do in oauth2-proxy or envoyExtAuthzHttp configuration to fix CORS support ?


Solution

  • I finally fixed it by adding the following EnvoyFilter:

    apiVersion: networking.istio.io/v1alpha3
    kind: EnvoyFilter
    metadata:
      name: cors-filter
      namespace: istio-system
    spec:
      configPatches:
      - applyTo: HTTP_FILTER
        match:
          context: GATEWAY
          listener:
            filterChain:
              filter:
                name: "envoy.filters.network.http_connection_manager"
        patch:
          operation: INSERT_BEFORE
          value:
            name: envoy.filters.http.cors
            typed_config:
              "@type": "type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors"