OSDOCS-495: Added docs for configuring additionalCORSAllowedOrigins

2026-02-05 12:46:18 +01:00 · 2019-07-17 23:13:15 -04:00
parent 047ac4a37e
commit 51dd0d8129
3 changed files with 73 additions and 1 deletions
--- a/_topic_map.yml
+++ b/_topic_map.yml
@@ -245,6 +245,9 @@ Topics:
 - Name: Syncing LDAP groups
  File: ldap-syncing
  Distros: openshift-enterprise,openshift-origin
+- Name: Allowing JavaScript-based access to the API server from additional hosts
+  File: allowing-javascript-access-api-server
+  Distros: openshift-enterprise,openshift-origin
 ---
 Name: Networking
 Dir: networking
@@ -420,7 +423,7 @@ Topics:
    File: using-images-overview
  - Name: Configuring Jenkins images
    File: images-other-jenkins
-  - Name: Jenkins agent 
+  - Name: Jenkins agent
    File: images-other-jenkins-agent
 ---
 Name: Applications
--- a/authentication/allowing-javascript-access-api-server.adoc
+++ b/authentication/allowing-javascript-access-api-server.adoc
@@ -0,0 +1,8 @@
+[id="allowing-javascript-based-access-api-server"]
+= Allowing JavaScript-based access to the API server from additional hosts
+include::modules/common-attributes.adoc[]
+:context: auth-allowed-origins
+
+toc::[]
+
+include::modules/auth-allowing-javascript-access-api-server.adoc[leveloffset=+1]
--- a/modules/auth-allowing-javascript-access-api-server.adoc
+++ b/modules/auth-allowing-javascript-access-api-server.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// * authentication/configuring-corsallowedorigins.adoc
+
+[id="auth-allowing-javascript-access-api-server_{context}"]
+= Allowing JavaScript-based access to the API server from additional hosts
+
+The default {product-title} configuration only allows the OpenShift web console to send requests to the API server.
+
+If you need to access the API server or OAuth server from a JavaScript
+application using a different host name, you can configure additional host names
+to allow.
+
+.Prerequisites
+
+* Access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Edit the API servers resource:
+
+----
+$ oc edit apiserver.config.openshift.io cluster
+----
+
+. Add the `additionalCORSAllowedOrigins` field under the `spec` section and
+specify one or more additional host names:
+
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: APIServer
+metadata:
+  annotations:
+    release.openshift.io/create-only: "true"
+  creationTimestamp: "2019-07-11T17:35:37Z"
+  generation: 1
+  name: cluster
+  resourceVersion: "907"
+  selfLink: /apis/config.openshift.io/v1/apiservers/cluster
+  uid: 4b45a8dd-a402-11e9-91ec-0219944e0696
+spec:
+  additionalCORSAllowedOrigins:
+  - (?i)//my\.subdomain\.domain\.com(:|\z) <1>
+----
+<1> The host name is specified as a link:https://github.com/google/re2/wiki/Syntax[Golang regular expression] that matches
+against CORS headers from HTTP requests against the API server and OAuth server.
+
+[NOTE]
+====
+This example uses the following syntax:
+
+* The `(?i)` makes it case-insensitive.
+* The `//` pins to the beginning of the domain and matches the double slash
+following `http:` or `https:`.
+* The `\.` escapes dots in the domain name.
+* The `(:|\z)` matches the end of the domain name `(\z)` or a port separator
+`(:)`.
+====
+
+. Save the file to apply the changes.