fix(cors): ensure trailing comma treated as empty value to be ignored (#10616)

* fix(cors): ensure trailing comma treated as empty value to be ignored Signed-off-by: Ardika Bagus <me@ardikabs.com> * test(cors): add e2e test Signed-off-by: Ardika Bagus <me@ardikabs.com> --------- Signed-off-by: Ardika Bagus <me@ardikabs.com>
2023-11-08 01:02:48 +07:00 · 2023-11-08 01:02:48 +07:00 · da51393cac
commit da51393cac
parent 8b026f42d5
4 changed files with 81 additions and 0 deletions
--- a/test/e2e/annotations/cors.go
+++ b/test/e2e/annotations/cors.go
@ -632,4 +632,41 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 			Status(http.StatusOK).Headers().
 			ValueEqual("Access-Control-Allow-Origin", []string{"*"})
 	})
+
+	ginkgo.It("should allow correct origin but not others - cors allow origin annotations contain trailing comma", func() {
+		host := corsHost
+		annotations := map[string]string{
+			"nginx.ingress.kubernetes.io/enable-cors":       "true",
+			"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin-123.cors.com:8080,   ,https://origin-321.cors.com:8080,",
+		}
+
+		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
+		f.EnsureIngress(ing)
+
+		origin1 := "https://origin-123.cors.com:8080"
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin1).
+			Expect().
+			Headers().ContainsKey("Access-Control-Allow-Origin")
+
+		origin2 := "https://origin-321.cors.com:8080"
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin2).
+			Expect().
+			Status(http.StatusOK).Headers().
+			ValueEqual("Access-Control-Allow-Origin", []string{origin2})
+
+		origin3 := "https://unknown.cors.com:8080"
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin3).
+			Expect().
+			Headers().
+			NotContainsKey("Access-Control-Allow-Origin")
+	})
 })