fix(dex): Allow cors

2026-03-14 17:26:40 +01:00
parent 0b2119b769
commit cd2280b5ed
1 changed files with 7 additions and 1 deletions
@@ -14,7 +14,7 @@ config:
        mode: disable
  web:
    http: 0.0.0.0:5556
-    allowedOrigins: ["*"]
+    # CORS is handled by nginx ingress annotations below instead of at the application level
  frontend:
    # theme: light
    theme: coreos
@@ -159,6 +159,12 @@ ingress:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    # CORS: allow browser-based OIDC flows (e.g. token introspection, JWKS fetch)
+    # TODO: migrate to Gateway API HTTPRoute with ResponseHeaderModifier filter when cilium gateway supports it cluster-wide
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "Authorization, Content-Type"
  hosts:
    - host: auth.adm.oceanbox.io
      paths: