CORS¶
This is a filter which handles Cross-Origin Resource Sharing requests based on route or virtual host settings. For the meaning of the headers please refer to the pages below.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
This filter should be configured with the name envoy.filters.http.cors.
Runtime¶
The fraction of requests for which the filter is enabled can be configured via the runtime_key value of the filter_enabled field.
The fraction of requests for which the filter is enabled in shadow-only mode can be configured via the runtime_key value of the shadow_enabled field. When enabled in shadow-only mode, the filter will evaluate the request’s Origin to determine if it’s valid but will not enforce any policies.
Note
If both filter_enabled
and shadow_enabled
are on, the filter_enabled
flag will take precedence.
Statistics¶
The CORS filter outputs statistics in the <stat_prefix>.cors.* namespace.
Note
Requests that do not have an Origin header will be omitted from statistics.
Name |
Type |
Description |
---|---|---|
origin_valid |
Counter |
Number of requests that have a valid Origin header. |
origin_invalid |
Counter |
Number of requests that have an invalid Origin header. |