fracek opened a new issue, #8791: URL: https://github.com/apache/apisix/issues/8791
### Current Behavior I'm using the grpc-web but it looks like out of the box it doesn't follow [the spec when it comes to cors](https://github.com/grpc/grpc-web/blob/master/doc/browser-features.md#cors-support): > Should follow the [CORS spec](https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control) (Mandatory) > > * Access-Control-Allow-Credentials to allow Authorization headers > * Access-Control-Allow-Methods to allow POST and (preflight) OPTIONS only > * Access-Control-Allow-Headers to whatever the preflight request carries The plugin doesn't set the `Access-Control-Allow-Credentials` header and the `Access-Control-Allow-Headers` value is hardcoded, so it won't include all preflight headers. The spec doesn't mention it, but for the plugin to work it also needs to add the following header: * `Access-Control-Expose-Headers` = `grpc-status,grpc-message` Or the web client won't be able to read the response grpc status or message. ### Expected Behavior The plugin should set `Access-Control-Allow-Credentials` to `true` and `Access-Control-Allow-Headers` to `http_access_control_request_headers`. It should also return `Access-Control-Expose-Headers`. ### Error Logs _No response_ ### Steps to Reproduce 1. Deploy a grpc application that requires headers to be set (for example, authentication) 2. Create an upstream for it 3. Create a route, enabling the grpc-web plugin 4. Connect to the route using the `@improbable-eng/grpc-web` client. Notice the request is blocked because of cors. ### Environment * your apisix-ingress-controller version (output of apisix-ingress-controller version --long): ``` Version: 1.6.0 Git SHA: no-git-module Go Version: go1.19.4 Building OS/Arch: linux/amd64 Running OS/Arch: linux/amd64 ``` * your Kubernetes cluster version (output of kubectl version): ``` Client Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.0", GitCommit:"b46a3f887ca979b1a5d14fd39cb1af43e7e5d12d", GitTreeState:"archive", BuildDate:"1980-01-01T00:00:00Z", GoVersion:"go1.19.4", Compiler:"gc", Platform:"linux/amd64"} Kustomize Version: v4.5.7 Server Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-25T19:35:11Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"} ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
