CORS

This is a filter which handles Cross-Origin Resource Sharing requests based on route or virtual host settings. For the meaning of the headers please refer to the pages below.

Runtime

The fraction of requests for which the filter is enabled can be configured via the runtime_key value of the filter_enabled field.

The fraction of requests for which the filter is enabled in shadow-only mode can be configured via the runtime_key value of the shadow_enabled field. When enabled in shadow-only mode, the filter will evaluate the request’s Origin to determine if it’s valid but will not enforce any policies.

Note

If both filter_enabled and shadow_enabled are on, the filter_enabled flag will take precedence.

Statistics

The CORS filter outputs statistics in the <stat_prefix>.cors.* namespace.

Note

Requests that do not have an Origin header will be omitted from statistics.

Name

Type

Description

origin_valid

Counter

Number of requests that have a valid Origin header.

origin_invalid

Counter

Number of requests that have an invalid Origin header.