Chapter 17. Allowing JavaScript-based access to the API server from additional hosts

Procedure

1. Edit the APIServer resource:

   $ oc edit apiserver.config.openshift.io cluster

   Copy to Clipboard Toggle word wrap

2. Add the additionalCORSAllowedOrigins field under the spec section and specify one or more additional hostnames:

   apiVersion: config.openshift.io/v1
   kind: APIServer
   metadata:
     annotations:
       release.openshift.io/create-only: "true"
     creationTimestamp: "2019-07-11T17:35:37Z"
     generation: 1
     name: cluster
     resourceVersion: "907"
     selfLink: /apis/config.openshift.io/v1/apiservers/cluster
     uid: 4b45a8dd-a402-11e9-91ec-0219944e0696
   spec:
     additionalCORSAllowedOrigins:
     - (?i)//my\.subdomain\.domain\.com(:|\z) 

   1

   Copy to Clipboard Toggle word wrap

   1

   The hostname is specified as a Golang regular expression that matches against CORS headers from HTTP requests against the API server and OAuth server.

   Note

   This example uses the following syntax:

   • The (?i) makes it case-insensitive.
   • The // pins to the beginning of the domain and matches the double slash following http: or https:.
   • The \. escapes dots in the domain name.
   • The (:|\z) matches the end of the domain name (\z) or a port separator (:).
3. Save the file to apply the changes.