-
Notifications
You must be signed in to change notification settings - Fork 4.6k
/
cors.proto
86 lines (69 loc) · 3.84 KB
/
cors.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
syntax = "proto3";
package envoy.extensions.filters.http.cors.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/type/matcher/v3/string.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.extensions.filters.http.cors.v3";
option java_outer_classname = "CorsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3;corsv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Cors]
// CORS Filter :ref:`configuration overview <config_http_filters_cors>`.
// [#extension: envoy.filters.http.cors]
// Cors filter config. Set this in
// ref:`http_filters <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.http_filters>`
// to enable the CORS filter.
//
// Please note that the :ref:`CorsPolicy <envoy_v3_api_msg_extensions.filters.http.cors.v3.CorsPolicy>`
// must be configured in the ``RouteConfiguration`` as ``typed_per_filter_config`` at some level to make the filter work.
message Cors {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.cors.v2.Cors";
}
// Per route configuration for the CORS filter. This configuration should be configured in the ``RouteConfiguration`` as ``typed_per_filter_config`` at some level to
// make the filter work.
// [#next-free-field: 11]
message CorsPolicy {
// Specifies string patterns that match allowed origins. An origin is allowed if any of the
// string matchers match.
repeated type.matcher.v3.StringMatcher allow_origin_string_match = 1;
// Specifies the content for the ``access-control-allow-methods`` header.
string allow_methods = 2;
// Specifies the content for the ``access-control-allow-headers`` header.
string allow_headers = 3;
// Specifies the content for the ``access-control-expose-headers`` header.
string expose_headers = 4;
// Specifies the content for the ``access-control-max-age`` header.
string max_age = 5;
// Specifies whether the resource allows credentials.
google.protobuf.BoolValue allow_credentials = 6;
// Specifies the % of requests for which the CORS filter is enabled.
//
// If neither ``filter_enabled``, nor ``shadow_enabled`` are specified, the CORS
// filter will be enabled for 100% of the requests.
//
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is
// specified, Envoy will lookup the runtime key to get the percentage of requests to filter.
config.core.v3.RuntimeFractionalPercent filter_enabled = 7;
// Specifies the % of requests for which the CORS policies will be evaluated and tracked, but not
// enforced.
//
// This field is intended to be used when ``filter_enabled`` is off. That field have to explicitly disable
// the filter in order for this setting to take effect.
//
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
// Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate
// and track the request's ``Origin`` to determine if it's valid but will not enforce any policies.
config.core.v3.RuntimeFractionalPercent shadow_enabled = 8;
// Specify whether allow requests whose target server's IP address is more private than that from
// which the request initiator was fetched.
//
// More details refer to https://developer.chrome.com/blog/private-network-access-preflight.
google.protobuf.BoolValue allow_private_network_access = 9;
// Specifies if preflight requests not matching the configured allowed origin should be forwarded
// to the upstream. Default is true.
google.protobuf.BoolValue forward_not_matching_preflights = 10;
}