Dgraph server adds CORS headers and responds to pre-flight. We rely on those features at tour.dgraph.io for example. What else do you need for your use case?
[Error] Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin. (keywords, line 0)
[Error] Fetch API cannot load http://localhost:8080/api/v1/namespaces/dgraph/services/dgraph-server:8080/proxy/ui/keywords?debug=true. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
[Error] Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin. (health, line 0)
[Error] Fetch API cannot load http://localhost:8080/api/v1/namespaces/dgraph/services/dgraph-server:8080/proxy/health?debug=true. Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
I’m not sure you can blame dgraph here - it’s doing its job by sending the headers. we can’t ban middlemen from stripping them, in most cases we don’t even know if middlemen are there
I’m not very familiar with k8s, are you using one of our official dgraph-<somehing>.yaml config files or running your own config with extra proxy settings?