I am using Istio in Google Kubernetes Engine with Istio. I've added a CORS policy to my virtual service that allows all origins. It looks like this:
- match:
- port: 443
route:
- destination:
host: rev79-api-service
port:
number: 9000
corsPolicy:
allowOrigin:
- '*'
allowMethods:
- POST
- GET
- OPTIONS
- PUT
- DELETE
allowHeaders:
- grpc-timeout
- content-type
- keep-alive
- user-agent
- cache-control
- content-type
- content-transfer-encoding
- x-accept-content-transfer-encoding
- x-accept-response-streaming
- x-user-agent
- x-grpc-web
maxAge: 86400s
exposeHeaders:
- grpc-status
- grpc-message
allowCredentials: true
But When I try to make a request from a browser I get this error:
dev.rev79.app/:1 Access to XMLHttpRequest at 'https://api.rev79.app/sil.rev79.Admin/ListNations' from origin 'https://dev.rev79.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
What am I supposed to do to avoid this CORS error?
I'm considering directing all requests with method OPTIONS to a service that just gives a 200 response (i.e. my health check path) but I think there must be a more conventional approach.
