想实现nginx的通用跨域,不知道apisix的默认跨域插件是否满足?

[liquanzhou]

原nginx跨域配置, 想转成apisix的方式,实现不需要关心跨域设置,所有域名直接引用.
又看到apisix有默认的跨域插件,想了解是否完全满足这个nginx配置需求

set $cors_origin "";
set $cors_cred "";
set $cors_header "";
set $cors_method "";
set $cors_expose_header "";

if ($http_origin ~* '(.|https?)://(.|localhost|null|.*.xxxxxxxxx.com)/?') {
set $cors_origin $http_origin;
set $cors_cred true;
set $cors_header $http_access_control_request_headers;
set $cors_method $http_access_control_request_method;
set $cors_expose_header 'Set-Cookie';
}
add_header Access-Control-Allow-Origin $cors_origin 'always';
add_header Access-Control-Allow-Credentials $cors_cred 'always';
add_header Access-Control-Allow-Headers $cors_header;
add_header Access-Control-Allow-Methods $cors_method;
add_header Access-Control-Expose-Headers $cors_expose_header;

if ($request_method = 'OPTIONS') {
return 204;
}

[Baoyuantop]

Hi @liquanzhou, most of them are OK, except for the following two points:

1. APISIX allow_methods cannot dynamically read the client request method. Currently only supports static configuration in the plugin configuration.
2. The OPTIONS request will return 200 in the plugin code. If you want to adjust it, you need to modify the plugin code.

The CORS specification doesn't require servers to return the client's request method dynamically. Servers can return a specific request method or a fixed list of methods. Therefore, APISIX's current approach is compliant with the standard.

The CORS specification requires that the status code of the preflight response must be a 2xx success status code. But there is no specific response code.