Skip to content

CORS | Send back null headers from all services so that istio CORS policy honored

Srishti Sharma requested to merge srsharmaCORS1 into master

All Submissions:

  • [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
  • [YES/NO] I have updated the documentation accordingly.
  • [YES/NO/NA] I have added tests to cover my changes.
  • [YES/NO/NA] All new and existing tests passed.
  • [YES/NO/NA] My code follows the code style of this project.
  • [YES/NO/NA] I ran lint checks locally prior to submission.

What is the issue or story related to the change?

  • Feature: Implement CORS
  • We update CORS policy in istio
  • Currently all services send back hardcoded response headers due to which istio's CORS is not implemented.
  • Created a new class in core-lib-azure which implements Filter. It sends back null headers from all services so that istio CORS policy honored.

Response: 403 - CORS Error for different origin - Expected image

Console: Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Response: 200 response for valid origin – Expected Result **Updated istio CORS to allow origin image

Edited by Srishti Sharma

Merge request reports