如何解决调用API服务在降级时不会收到任何引荐来源
我有以下情况:
- 一个向REST SVC发出请求并通过Keycloak保护的Webapp
- 还通过Keycloak保护的REST SVC,其侦听端口为8080
- 正在运行的Keycloak实例
每个服务都在Kubernetes上运行。
从浏览器调用REST SVC时,我得到了Referrer-Policy: no-referrer-when-downgrade
,但还没有弄清楚为什么。
REST SVC资源文件:
---
# Source: svc/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: user-svc
labels:
helm.sh/chart: svc-0.1.0
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
---
# Source: svc/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-svc
labels:
helm.sh/chart: svc-0.1.0
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
template:
metadata:
labels:
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
spec:
imagePullSecrets:
- name: regcred
containers:
- name: user-svc
image: "hub.example.io/svc/user-svc:0.1.17"
imagePullPolicy: IfNotPresent
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: example.example-users-db.credentials.postgresql.acid.zalan.do
key: "username"
- name: DB_PW
valueFrom:
secretKeyRef:
name: example.example-users-db.credentials.postgresql.acid.zalan.do
key: "password"
- name: DB_URL
valueFrom:
configMapKeyRef:
name: example-users-db-url
key: "db_url"
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}
---
# Source: svc/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: user-svc
labels:
helm.sh/chart: svc-0.1.0
app.kubernetes.io/name: svc
app.kubernetes.io/instance: user-svc
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
spec:
tls:
- hosts:
- "dev.user.svc.example.io"
secretName: dev-cert-staging
rules:
- host: "dev.user.svc.example.io"
http:
paths:
- path: /
backend:
serviceName: user-svc
servicePort: 80
根据文档https://www.w3.org/TR/referrer-policy/#referrer-policy-strict-origin-when-cross-origin,我必须将服务端口更改为443
才能起作用。但是我不能确定退出。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。