Cors (proto)

This extension has the qualified name envoy.filters.http.cors

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

CORS Filter configuration overview.

extensions.filters.http.cors.v3.Cors

[extensions.filters.http.cors.v3.Cors proto]

Cors filter config. Set this in ref:http_filters <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.http_filters> to enable the CORS filter.

Please note that the CorsPolicy must be configured in the RouteConfiguration as typed_per_filter_config at some level to make the filter work.

extensions.filters.http.cors.v3.CorsPolicy

[extensions.filters.http.cors.v3.CorsPolicy proto]

Per route configuration for the CORS filter. This configuration should be configured in the RouteConfiguration as typed_per_filter_config at some level to make the filter work.

{
  "allow_origin_string_match": [],
  "allow_methods": ...,
  "allow_headers": ...,
  "expose_headers": ...,
  "max_age": ...,
  "allow_credentials": {...},
  "filter_enabled": {...},
  "shadow_enabled": {...},
  "allow_private_network_access": {...},
  "forward_not_matching_preflights": {...}
}
allow_origin_string_match

(repeated type.matcher.v3.StringMatcher) Specifies string patterns that match allowed origins. An origin is allowed if any of the string matchers match.

allow_methods

(string) Specifies the content for the access-control-allow-methods header.

allow_headers

(string) Specifies the content for the access-control-allow-headers header.

expose_headers

(string) Specifies the content for the access-control-expose-headers header.

max_age

(string) Specifies the content for the access-control-max-age header.

allow_credentials

(BoolValue) Specifies whether the resource allows credentials.

filter_enabled

(config.core.v3.RuntimeFractionalPercent) Specifies the % of requests for which the CORS filter is enabled.

If neither filter_enabled, nor shadow_enabled are specified, the CORS filter will be enabled for 100% of the requests.

If runtime_key is specified, Envoy will lookup the runtime key to get the percentage of requests to filter.

shadow_enabled

(config.core.v3.RuntimeFractionalPercent) Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not enforced.

This field is intended to be used when filter_enabled is off. That field have to explicitly disable the filter in order for this setting to take effect.

If runtime_key is specified, Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate and track the request’s Origin to determine if it’s valid but will not enforce any policies.

allow_private_network_access

(BoolValue) Specify whether allow requests whose target server’s IP address is more private than that from which the request initiator was fetched.

More details refer to https://developer.chrome.com/blog/private-network-access-preflight.

forward_not_matching_preflights

(BoolValue) Specifies if preflight requests not matching the configured allowed origin should be forwarded to the upstream. Default is true.