英文:
Cross-Origin Read Blocking (CORB) occurs when setting notpaths config in istio authorization policy
问题
我正在进行Istio配置,以构建自动授权系统。
我使用oauth2-proxy进行外部授权,使用dex进行OICD。
我必须避免对某些子地址进行授权检查,所以我在授权策略中设置了notPaths选项。
但是每次我设置notPaths选项时,网页都会变成空白白页,而不是显示正确的页面。控制台显示CORB警告标志。
我不知道为什么会发生这种情况。
以下是我的授权策略、网关和虚拟服务配置。
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: oauth-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "my.domain.com"
notPaths:
- "/main*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: cm-gateway
namespace: cm-temp
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "my.domain.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: cm-vs
namespace: cm-temp
spec:
hosts:
- "my.domain.com"
gateways:
- cm-gateway
http:
- match:
- uri:
prefix: /api
route:
- destination:
host: cm-be-svc
port:
number: 5000
- match:
- uri:
prefix: /
route:
- destination:
host: cm-fe-svc
port:
number: 80
英文:
i'm working on istio configuration to build automatic authorization system.
I use oauth2-proxy for external authorization and dex for OICD.
I have to avoid authorization check for certain sub adress, so I set notPaths option in authorization policy.
But every time I set the notPaths option, the web goes blank white page instead of display proper page. And console shows CORB warning sign.
I don't have any clue why this heppens.
here is my authorization policy and gateway, virtual service configuration.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: oauth-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "my.domain.com"
notPaths:
- "/main*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: cm-gateway
namespace: cm-temp
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "my.domain.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: cm-vs
namespace: cm-temp
spec:
hosts:
- "my.domain.com"
gateways:
- cm-gateway
http:
- match:
- uri:
prefix: /api
route:
- destination:
host: cm-be-svc
port:
number: 5000
- match:
- uri:
prefix: /
route:
- destination:
host: cm-fe-svc
port:
number: 80
答案1
得分: -1
这是授权策略配置问题。
我使用React来显示页面,由于我没有添加其子地址,所以首页的地址被阻止了。
我将子地址添加到了授权策略中,然后它就起作用了。
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: oauth-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "my.domain.com"
notPaths:
- "/main*"
- "/index*"
- "/favicon*"
英文:
It was the authorization policy config problem.
I use react to display page, and the address of index page was blocked cuz i didn't add the sub address of it.
i add the sub address to auth policy and it worked.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: oauth-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "my.domain.com"
notPaths:
- "/main*"
- "/index*"
- "/favicon*"
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论