Kong Ingress Controller with CORS plugin failed with preflight OPTIONS request

Kubernetes
#1

I use the CORS plugin with Kong ingress controller, whitin Postman, the API works great, the response includes an

Access-Control-Allow-Origin: *

header.

But when I made cors request in Chrome, it report:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Edge report:

The server has not found anything matching the requested URI (Uniform Resource Identifier).

My upstream service is a express/node app, I already set the cors middleware, but it seems the preflight HTTP OPTIONS request won’t go through or get response from the Kong gateway.

And I noticed the plugin has an limitation.

But I don’t know to configure my KongIngress object to overcome this limitation in broswer for cors request.

#2

You won’t need to use a KongIngress resource for this.
Just enable the plugin on a specific path and not a host:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo
spec:
  rules:
  - http: # note that host attribute is not set
      paths:
      - path: /foo
        backend:
          serviceName: myservice
          servicePort: 80
#3

I am experiencing this problem with Ingress, it doesn’t pass the pre-flight request to back-end. I removed the host from the ingress but I have to keep the hosts as my ingress is exposed through tls.
The following is the plugin
===================plugin========================
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: cors-plugin
namespace: cw
config:
headers:

  • ‘*’
    methods:
  • ‘*’
    origins:
  • ‘*’
    enabled: true
    plugin: cors

================ and this is my ingress =============
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: api-ingress-rules
namespace: cw
annotations:
kubernetes.io/tls-acme: “true”
konghq.com/protocols: “https”
konghq.com/methods: “GET,POST,OPTIONS”
konghq.com/plugins: basic-auth
cert-manager.io/cluster-issuer: “{issuer}”
spec:
tls:

  • secretName: aks-ingress-tls-{issuer}
    hosts:
    • {fqdn}
      rules:
  • http:
    paths:
    • path: /v1/agents
      backend:
      serviceName: api-cloud
      servicePort: 8080

appreciate your help!