CORS

This is a filter which handles Cross-Origin Resource Sharing requests based on route or virtual host settings. For the meaning of the headers please refer to the pages below.

Runtime

The CORS filter supports the following RuntimeFractionalPercent settings:

filter_enabled

The % of requests for which the filter is enabled. The default is 100/HUNDRED.

To utilize runtime to enable/disable the CORS filter set the runtime_key value of the filter_enabled field.

Note

If present, this will override the enabled field of the configuration.

shadow_enabled

The % of requests for which the filter is enabled in shadow only mode. Default is 0. If present, this will evaluate a request’s Origin to determine if it’s valid but will not enforce any policies.

To utilize runtime to enable/disable the CORS filter’s shadow mode set the runtime_key value of the shadow_enabled field.

To determine if the filter and/or shadow mode are enabled you can check the runtime values via the admin panel at GET /runtime.

Note

If both filter_enabled and shadow_enabled are on, the filter_enabled flag will take precedence.

Statistics

The CORS filter outputs statistics in the <stat_prefix>.cors.* namespace.

Note

Requests that do not have an Origin header will be omitted from statistics.

Name Type Description
origin_valid Counter Number of requests that have a valid Origin header.
origin_invalid Counter Number of requests that have an invalid Origin header.