Cors (proto)
This extension has the qualified name envoy.filters.http.cors
Note
This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.
Tip
This extension extends and can be used with the following extension category:
This extension must be configured with one of the following type URLs:
CORS Filter configuration overview.
extensions.filters.http.cors.v3.Cors
[extensions.filters.http.cors.v3.Cors proto]
Cors filter config.
extensions.filters.http.cors.v3.CorsPolicy
[extensions.filters.http.cors.v3.CorsPolicy proto]
{
"allow_origin_string_match": [],
"allow_methods": ...,
"allow_headers": ...,
"expose_headers": ...,
"max_age": ...,
"allow_credentials": {...},
"filter_enabled": {...},
"shadow_enabled": {...},
"allow_private_network_access": {...}
}
- allow_origin_string_match
(repeated type.matcher.v3.StringMatcher) Specifies string patterns that match allowed origins. An origin is allowed if any of the string matchers match.
- allow_methods
(string) Specifies the content for the
access-control-allow-methods
header.
- allow_headers
(string) Specifies the content for the
access-control-allow-headers
header.
- expose_headers
(string) Specifies the content for the
access-control-expose-headers
header.
- max_age
(string) Specifies the content for the
access-control-max-age
header.
- allow_credentials
(BoolValue) Specifies whether the resource allows credentials.
- filter_enabled
(config.core.v3.RuntimeFractionalPercent) Specifies the % of requests for which the CORS filter is enabled.
If neither
filter_enabled
, norshadow_enabled
are specified, the CORS filter will be enabled for 100% of the requests.If runtime_key is specified, Envoy will lookup the runtime key to get the percentage of requests to filter.
- shadow_enabled
(config.core.v3.RuntimeFractionalPercent) Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not enforced.
This field is intended to be used when
filter_enabled
is off. That field have to explicitly disable the filter in order for this setting to take effect.If runtime_key is specified, Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate and track the request’s
Origin
to determine if it’s valid but will not enforce any policies.
- allow_private_network_access
(BoolValue) Specify whether allow requests whose target server’s IP address is more private than that from which the request initiator was fetched.
More details refer to https://developer.chrome.com/blog/private-network-access-preflight.