This is a filter which handles Cross-Origin Resource Sharing requests based on route or virtual host settings. For the meaning of the headers please refer to the pages below.
- v2 API reference
- This filter should be configured with the name envoy.cors.
The CORS filter supports the following RuntimeFractionalPercent settings:
The % of requests for which the filter is enabled. The default is 100/HUNDRED.
To utilize runtime to enable/disable the CORS filter set the runtime_key value of the filter_enabled field.
If present, this will override the enabled field of the configuration.
The % of requests for which the filter is enabled in shadow only mode. Default is 0. If present, this will evaluate a request’s Origin to determine if it’s valid but will not enforce any policies.
To utilize runtime to enable/disable the CORS filter’s shadow mode set the runtime_key value of the shadow_enabled field.
To determine if the filter and/or shadow mode are enabled you can check the runtime
values via the admin panel at
shadow_enabled are on, the
flag will take precedence.
The CORS filter outputs statistics in the <stat_prefix>.cors.* namespace.
Requests that do not have an Origin header will be omitted from statistics.
|origin_valid||Counter||Number of requests that have a valid Origin header.|
|origin_invalid||Counter||Number of requests that have an invalid Origin header.|