英文:
Cross-Origin Read Blocking (CORB) occurs when setting notpaths config in istio authorization policy
问题
我正在进行Istio配置,以构建自动授权系统。
我使用oauth2-proxy进行外部授权,使用dex进行OICD。
我必须避免对某些子地址进行授权检查,所以我在授权策略中设置了notPaths选项。
但是每次我设置notPaths选项时,网页都会变成空白白页,而不是显示正确的页面。控制台显示CORB警告标志。
我不知道为什么会发生这种情况。
以下是我的授权策略、网关和虚拟服务配置。
apiVersion: security.istio.io/v1beta1kind: AuthorizationPolicymetadata:name: oauth-policynamespace: istio-systemspec:selector:matchLabels:istio: ingressgatewayaction: CUSTOMprovider:name: "oauth2-proxy"rules:- to:- operation:hosts:- "my.domain.com"notPaths:- "/main*"---apiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata:name: cm-gatewaynamespace: cm-tempspec:selector:istio: ingressgateway # use Istio default gateway implementationservers:- port:number: 80name: httpprotocol: HTTPhosts:- "my.domain.com"---apiVersion: networking.istio.io/v1alpha3kind: VirtualServicemetadata:name: cm-vsnamespace: cm-tempspec:hosts:- "my.domain.com"gateways:- cm-gatewayhttp:- match:- uri:prefix: /apiroute:- destination:host: cm-be-svcport:number: 5000- match:- uri:prefix: /route:- destination:host: cm-fe-svcport:number: 80
英文:
i'm working on istio configuration to build automatic authorization system.
I use oauth2-proxy for external authorization and dex for OICD.
I have to avoid authorization check for certain sub adress, so I set notPaths option in authorization policy.
But every time I set the notPaths option, the web goes blank white page instead of display proper page. And console shows CORB warning sign.
I don't have any clue why this heppens.
here is my authorization policy and gateway, virtual service configuration.
apiVersion: security.istio.io/v1beta1kind: AuthorizationPolicymetadata:name: oauth-policynamespace: istio-systemspec:selector:matchLabels:istio: ingressgatewayaction: CUSTOMprovider:name: "oauth2-proxy"rules:- to:- operation:hosts:- "my.domain.com"notPaths:- "/main*"---apiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata:name: cm-gatewaynamespace: cm-tempspec:selector:istio: ingressgateway # use Istio default gateway implementationservers:- port:number: 80name: httpprotocol: HTTPhosts:- "my.domain.com"---apiVersion: networking.istio.io/v1alpha3kind: VirtualServicemetadata:name: cm-vsnamespace: cm-tempspec:hosts:- "my.domain.com"gateways:- cm-gatewayhttp:- match:- uri:prefix: /apiroute:- destination:host: cm-be-svcport:number: 5000- match:- uri:prefix: /route:- destination:host: cm-fe-svcport:number: 80
答案1
得分: -1
这是授权策略配置问题。
我使用React来显示页面,由于我没有添加其子地址,所以首页的地址被阻止了。
我将子地址添加到了授权策略中,然后它就起作用了。
apiVersion: security.istio.io/v1beta1kind: AuthorizationPolicymetadata:name: oauth-policynamespace: istio-systemspec:selector:matchLabels:istio: ingressgatewayaction: CUSTOMprovider:name: "oauth2-proxy"rules:- to:- operation:hosts:- "my.domain.com"notPaths:- "/main*"- "/index*"- "/favicon*"
英文:
It was the authorization policy config problem.
I use react to display page, and the address of index page was blocked cuz i didn't add the sub address of it.
i add the sub address to auth policy and it worked.
apiVersion: security.istio.io/v1beta1kind: AuthorizationPolicymetadata:name: oauth-policynamespace: istio-systemspec:selector:matchLabels:istio: ingressgatewayaction: CUSTOMprovider:name: "oauth2-proxy"rules:- to:- operation:hosts:- "my.domain.com"notPaths:- "/main*"- "/index*"- "/favicon*"
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论