|
|
|
@ -2,6 +2,11 @@ syntax = "proto3"; |
|
|
|
|
|
|
|
|
|
package envoy.extensions.filters.http.cors.v3; |
|
|
|
|
|
|
|
|
|
import "envoy/config/core/v3/base.proto"; |
|
|
|
|
import "envoy/type/matcher/v3/string.proto"; |
|
|
|
|
|
|
|
|
|
import "google/protobuf/wrappers.proto"; |
|
|
|
|
|
|
|
|
|
import "udpa/annotations/status.proto"; |
|
|
|
|
import "udpa/annotations/versioning.proto"; |
|
|
|
|
|
|
|
|
@ -20,3 +25,51 @@ message Cors { |
|
|
|
|
option (udpa.annotations.versioning).previous_message_type = |
|
|
|
|
"envoy.config.filter.http.cors.v2.Cors"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// [#next-free-field: 10] |
|
|
|
|
message CorsPolicy { |
|
|
|
|
// Specifies string patterns that match allowed origins. An origin is allowed if any of the |
|
|
|
|
// string matchers match. |
|
|
|
|
repeated type.matcher.v3.StringMatcher allow_origin_string_match = 1; |
|
|
|
|
|
|
|
|
|
// Specifies the content for the ``access-control-allow-methods`` header. |
|
|
|
|
string allow_methods = 2; |
|
|
|
|
|
|
|
|
|
// Specifies the content for the ``access-control-allow-headers`` header. |
|
|
|
|
string allow_headers = 3; |
|
|
|
|
|
|
|
|
|
// Specifies the content for the ``access-control-expose-headers`` header. |
|
|
|
|
string expose_headers = 4; |
|
|
|
|
|
|
|
|
|
// Specifies the content for the ``access-control-max-age`` header. |
|
|
|
|
string max_age = 5; |
|
|
|
|
|
|
|
|
|
// Specifies whether the resource allows credentials. |
|
|
|
|
google.protobuf.BoolValue allow_credentials = 6; |
|
|
|
|
|
|
|
|
|
// Specifies the % of requests for which the CORS filter is enabled. |
|
|
|
|
// |
|
|
|
|
// If neither ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS |
|
|
|
|
// filter will be enabled for 100% of the requests. |
|
|
|
|
// |
|
|
|
|
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is |
|
|
|
|
// specified, Envoy will lookup the runtime key to get the percentage of requests to filter. |
|
|
|
|
config.core.v3.RuntimeFractionalPercent filter_enabled = 7; |
|
|
|
|
|
|
|
|
|
// Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not |
|
|
|
|
// enforced. |
|
|
|
|
// |
|
|
|
|
// This field is intended to be used when ``filter_enabled`` is off. That field have to explicitly disable |
|
|
|
|
// the filter in order for this setting to take effect. |
|
|
|
|
// |
|
|
|
|
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified, |
|
|
|
|
// Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate |
|
|
|
|
// and track the request's ``Origin`` to determine if it's valid but will not enforce any policies. |
|
|
|
|
config.core.v3.RuntimeFractionalPercent shadow_enabled = 8; |
|
|
|
|
|
|
|
|
|
// Specify whether allow requests whose target server's IP address is more private than that from |
|
|
|
|
// which the request initiator was fetched. |
|
|
|
|
// |
|
|
|
|
// More details refer to https://developer.chrome.com/blog/private-network-access-preflight. |
|
|
|
|
google.protobuf.BoolValue allow_private_network_access = 9; |
|
|
|
|
} |
|
|
|
|