nginx.ingress.kubernetes.io/cors-allow-origin ignores "null"

[mike-pt]

I setup 2 ingress resources, one is a redirect and the other is a normal ingresss with hosts rules.

Due to the nature of the 301 the browser will send the next request with "Origin: null"

I tried adding null to nginx.ingress.kubernetes.io/cors-allow-origin

    nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
    nginx.ingress.kubernetes.io/cors-allow-origin: null
    nginx.ingress.kubernetes.io/enable-cors: true
    nginx.ingress.kubernetes.io/force-ssl-redirect: true

However this seem to be ingnored entierly

I fact I did:

    nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
    nginx.ingress.kubernetes.io/cors-allow-origin: null, https://test.example.org
    nginx.ingress.kubernetes.io/enable-cors: true
    nginx.ingress.kubernetes.io/force-ssl-redirect: true

And the example.org hosts shows in nginx.conf on the "http_origin" section, null does not.

Is this by design?

[k8s-ci-robot]

@mike-pt: This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[longwuyuan]

/help

[cleverhu]

I found that the cor host only support the regexp of:corsOriginRegex = regexp.MustCompile(^(https?://(*.)?[A-Za-z0-9-.]*(:[0-9]+)?|*)?$), so the null will be no effect.

[longwuyuan]

@cleverhu thank you very much.
I am not a developer so asking that layman reason is either origin must be "*" or must match the host being used in request. Is this correct ?

cc @mike-pt

[longwuyuan]

/remove-kind bug

[longwuyuan]

/kind support

[cleverhu]

@cleverhu thank you very much.

I am not a developer so asking that layman reason is either origin must be "*" or must match the host being used in request. Is this correct ?

cc @mike-pt

It looks like this in the code, and only these two cases can be identified.