From f7e3e8ceebc586bd988b1a232632a00db29418b7 Mon Sep 17 00:00:00 2001
From: Adam Sunderland <adam@kittycad.io>
Date: Sat, 23 Mar 2024 08:33:30 -0400
Subject: [PATCH] Update docs and add e2e test

---
 internal/ingress/annotations/cors/main.go |  5 ++--
 test/e2e/annotations/cors.go              | 29 +++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/internal/ingress/annotations/cors/main.go b/internal/ingress/annotations/cors/main.go
index aa03c2d73289..b815148203e8 100644
--- a/internal/ingress/annotations/cors/main.go
+++ b/internal/ingress/annotations/cors/main.go
@@ -78,8 +78,9 @@ var corsAnnotation = parser.Annotation{
 			Scope:     parser.AnnotationScopeIngress,
 			Risk:      parser.AnnotationRiskMedium,
 			Documentation: `This annotation controls what's the accepted Origin for CORS.
-			This is a multi-valued field, separated by ','. It must follow this format: http(s)://origin-site.com or http(s)://origin-site.com:port
-			It also supports single level wildcard subdomains and follows this format: http(s)://*.foo.bar, http(s)://*.bar.foo:8080 or http(s)://*.abc.bar.foo:9000`,
+			This is a multi-valued field, separated by ','. It must follow this format: protocol://origin-site.com or protocol://origin-site.com:port
+			It also supports single level wildcard subdomains and follows this format: https://*.foo.bar, http://*.bar.foo:8080 or myprotocol://*.abc.bar.foo:9000
+			Protocol can be any lowercase string, like http, https, or mycustomprotocol.`,
 		},
 		corsAllowHeadersAnnotation: {
 			Validator: parser.ValidateRegex(parser.HeadersVariable, true),
diff --git a/test/e2e/annotations/cors.go b/test/e2e/annotations/cors.go
index a14a5761fdc6..58f4445f7009 100644
--- a/test/e2e/annotations/cors.go
+++ b/test/e2e/annotations/cors.go
@@ -669,4 +669,33 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 			Headers().
 			NotContainsKey("Access-Control-Allow-Origin")
 	})
+
+	ginkgo.It("should allow - origins with non-http[s] protocols", func() {
+		host := corsHost
+		origin := "test://localhost"
+		origin2 := "tauri://localhost:3000"
+		annotations := map[string]string{
+			"nginx.ingress.kubernetes.io/enable-cors":       "true",
+			"nginx.ingress.kubernetes.io/cors-allow-origin": "test://localhost, tauri://localhost:3000",
+		}
+
+		ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
+		f.EnsureIngress(ing)
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin).
+			Expect().
+			Status(http.StatusOK).Headers().
+			ValueEqual("Access-Control-Allow-Origin", []string{"test://localhost"})
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin2).
+			Expect().
+			Status(http.StatusOK).Headers().
+			ValueEqual("Access-Control-Allow-Origin", []string{"tauri://localhost:3000"})
+	})
 })