Wildcards are forbidden in CORS response headers to credentialed requests rather than with allowCredentials: True

[DamianSawicki]

This is a fix of #3861 in GEP-1767. It specifies that wildcards are not allowed in CORS response headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, and Access-Control-Expose-Headers) when the request is credentialed (rather than when the allowCredentials config field is true).

What type of PR is this?

/kind gep

What this PR does / why we need it:

It fixes an Issue (see below).

Which issue(s) this PR fixes:

Fixes #3861

Does this PR introduce a user-facing change?:

NONE 

[k8s-ci-robot]

Welcome @DamianSawicki!

It looks like this is your first PR to kubernetes-sigs/gateway-api 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/gateway-api has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @DamianSawicki. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[DamianSawicki]

/cc @rikatz
/cc @shaneutt

[rikatz]

/ok-to-test

[DamianSawicki]

@EyalPazz Since you reviewed #3861, could you possibly have a look at the current PR resolving it?

[EyalPazz]

Of course, i'll take a look today

[EyalPazz]

Looks Good!

[robscott]

Thanks @DamianSawicki!

[robscott]

Are you planning to update the corresponding go types in this PR or save that for a follow up?

[DamianSawicki]

Hi @robscott, thanks for review! I've just updated the Go struct, and this gave me an idea how to adjust the wording in the GEP. PTAL.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DamianSawicki, robscott

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [robscott]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[DamianSawicki]

/retest

[k8s-ci-robot]

@DamianSawicki: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-gateway-api-verify	0650d7a	link	true	/test pull-gateway-api-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.