CORS
This is a filter which handles Cross-Origin Resource Sharing requests based on route or virtual host settings. For the meaning of the headers please refer to the pages below.
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
- https://www.w3.org/TR/cors/
- v2 API reference
- This filter should be configured with the name envoy.cors.
Runtime
The CORS filter supports the following RuntimeFractionalPercent settings:
- filter_enabled
The percentage of requests for which the filter is enabled. The default is 100/HUNDRED.
To use runtime to enable or disable the CORS filter, set the runtime_key value of the filter_enabled field.
Note
If present, this will override the enabled field of the configuration.
- shadow_enabled
The percentage of requests for which the filter is enabled in shadow-only mode. The default is 0. If present, this will evaluate a request's Origin to determine if it's valid but will not enforce any policies.
To use runtime to enable or disable the CORS filter's shadow mode, set the runtime_key value of the shadow_enabled field.
To determine if the filter and/or shadow mode are enabled, you can check the runtime values via the admin panel at GET /runtime.
Note
If both filter_enabled and shadow_enabled are on, the filter_enabled flag will take precedence.
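The two settings above can be combined to trial a CORS policy before enforcing it. The following virtual host fragment is an added example, not taken from the Envoy documentation; the host name, origin, cluster name and both runtime keys are assumptions chosen for illustration.

```yaml
# Added example: shadow-mode rollout of a CORS policy (v2 API field names).
# "app", "https://app.example.com", "app_backend" and the runtime keys
# are illustrative assumptions.
virtual_hosts:
- name: app
  domains: ["*"]
  cors:
    allow_origin_string_match:
    - exact: "https://app.example.com"
    allow_methods: "GET, POST"
    # Enforcement off by default; raise the runtime key to turn it on.
    filter_enabled:
      default_value:
        numerator: 0
        denominator: HUNDRED
      runtime_key: cors.app.filter_enabled
    # Every request's Origin is evaluated and counted in
    # <stat_prefix>.cors.origin_valid / origin_invalid, with no policy enforced.
    shadow_enabled:
      default_value:
        numerator: 100
        denominator: HUNDRED
      runtime_key: cors.app.shadow_enabled
  routes:
  - match: { prefix: "/" }
    route: { cluster: app_backend }
```

Once origin_invalid shows only origins that should be rejected, raising cors.app.filter_enabled to 100 turns on enforcement, and because filter_enabled takes precedence the shadow setting no longer applies. GET /runtime shows the values currently in effect.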
Statistics
The CORS filter outputs statistics in the <stat_prefix>.cors.* namespace.
Note
Requests that do not have an Origin header will be omitted from statistics.
Name | Type | Description |
---|---|---|
origin_valid | Counter | Number of requests that have a valid Origin header. |
origin_invalid | Counter | Number of requests that have an invalid Origin header. |