Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: cors plug-in problem #11965

Open
zhaomingcheng01 opened this issue Feb 11, 2025 · 3 comments
Open

bug: cors plug-in problem #11965

zhaomingcheng01 opened this issue Feb 11, 2025 · 3 comments
Labels
bug Something isn't working checking check first if this issue occurred

Comments

@zhaomingcheng01
Copy link

Current Behavior

The global cross-domain plug-in is enabled, but the request headers returned are inconsistent

===========================
C:\Users\Administrator>curl -iv http://10.129.45.55:9080/k8s-demo/actuator/health/liveness

  • Trying 10.129.45.55...
  • TCP_NODELAY set
  • Connected to 10.129.45.55 (10.129.45.55) port 9080 (#0)

GET /k8s-demo/actuator/health/liveness HTTP/1.1
Host: 10.129.45.55:9080
User-Agent: curl/7.55.1
Accept: /

< HTTP/1.1 200
HTTP/1.1 200
< Content-Type: application/vnd.spring-boot.actuator.v3+json
Content-Type: application/vnd.spring-boot.actuator.v3+json
< Content-Length: 15
Content-Length: 15
< Connection: keep-alive
Connection: keep-alive
< Date: Tue, 11 Feb 2025 10:04:57 GMT
Date: Tue, 11 Feb 2025 10:04:57 GMT
< Server: APISIX/3.2.1
Server: APISIX/3.2.1
< X-APISIX-Upstream-Status: 200
X-APISIX-Upstream-Status: 200
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE
< Access-Control-Max-Age: 600
Access-Control-Max-Age: 600
< Access-Control-Expose-Headers: **
Access-Control-Expose-Headers: **
< Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true

<
{"status":"UP"}* Connection #0 to host 10.129.45.55 left intact

C:\Users\Administrator>curl -iv http://10.129.45.55:9080/k8s-demo/actuator/health/liveness

  • Trying 10.129.45.55...
  • TCP_NODELAY set
  • Connected to 10.129.45.55 (10.129.45.55) port 9080 (#0)

GET /k8s-demo/actuator/health/liveness HTTP/1.1
Host: 10.129.45.55:9080
User-Agent: curl/7.55.1
Accept: /

< HTTP/1.1 200
HTTP/1.1 200
< Content-Type: application/vnd.spring-boot.actuator.v3+json
Content-Type: application/vnd.spring-boot.actuator.v3+json
< Content-Length: 15
Content-Length: 15
< Connection: keep-alive
Connection: keep-alive
< Date: Tue, 11 Feb 2025 10:04:58 GMT
Date: Tue, 11 Feb 2025 10:04:58 GMT
< Server: APISIX/3.2.1
Server: APISIX/3.2.1
< X-APISIX-Upstream-Status: 200
X-APISIX-Upstream-Status: 200

<
{"status":"UP"}* Connection #0 to host 10.129.45.55 left intact

< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE
< Access-Control-Max-Age: 600
Access-Control-Max-Age: 600
< Access-Control-Expose-Headers: **
Access-Control-Expose-Headers: **
< Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true

Some request headers are occasionally lost

===========================
apiVersion: apisix.apache.org/v2
kind: ApisixGlobalRule
metadata:
name: global
namespace: apisix
spec:
plugins:
- config:
allow_credential: true
allow_headers: ''
allow_methods: ''
allow_origins: ''
expose_headers: ''
max_age: 600
enable: true
name: cors

Expected Behavior

No response

Error Logs

No response

Steps to Reproduce

Configure the global cross-domain plug-in

Environment

  • APISIX version (3.2.1)
@dosubot dosubot bot added the bug Something isn't working label Feb 11, 2025
@fearless11
Copy link

I also encountered this situation. restart apisix service fixed it.

APISIX version (3.7.0)

--- test ---
curl -X OPTIONS -H 'Origin: http://aaa.xxx.com' -I 'https://bbb.xxx.com/crm/page'
HTTP/1.1 200 OK
Date: Thu, 13 Feb 2025 05:34:01 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/3.7.0
Vary: Origin
Access-Control-Allow-Origin: http://aaa.xxx.com
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE
Access-Control-Max-Age: 5
Access-Control-Expose-Headers: **
Access-Control-Allow-Credentials: true

curl -X OPTIONS -H 'Origin: http://aaa.xxx.com' -I 'https://bbb.xxx.com/crm/page'
HTTP/1.1 200 OK
Date: Thu, 13 Feb 2025 05:34:01 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/3.7.0
Vary: Origin

@juzhiyuan
Copy link
Member

I'm following the examples from https://docs.api7.ai/hub/cors and giving it a try, but I am getting the same result as the comments above: the Access-Control-Allow-xxx headers are missing. @kayx23 can you please also have a try?

@juzhiyuan juzhiyuan added the checking check first if this issue occurred label Feb 14, 2025
@zhaomingcheng01
Copy link
Author

Image
Here's how I set it. Global cross-domain configuration is enabled

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working checking check first if this issue occurred
Projects
Apache APISIX backlog
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@juzhiyuan @fearless11 @zhaomingcheng01