-
Notifications
You must be signed in to change notification settings - Fork 4.8k
/
csrf.proto
54 lines (45 loc) · 2.18 KB
/
csrf.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
syntax = "proto3";
package envoy.extensions.filters.http.csrf.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/type/matcher/v3/string.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.filters.http.csrf.v3";
option java_outer_classname = "CsrfProto";
option java_multiple_files = true;
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: CSRF]
// Cross-Site Request Forgery :ref:`configuration overview <config_http_filters_csrf>`.
// [#extension: envoy.filters.http.csrf]
// CSRF filter config.
message CsrfPolicy {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.csrf.v2.CsrfPolicy";
// Specifies the % of requests for which the CSRF filter is enabled.
//
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
// Envoy will lookup the runtime key to get the percentage of requests to filter.
//
// .. note::
//
// This field defaults to 100/:ref:`HUNDRED
// <envoy_v3_api_enum_type.v3.FractionalPercent.DenominatorType>`.
config.core.v3.RuntimeFractionalPercent filter_enabled = 1
[(validate.rules).message = {required: true}];
// Specifies that CSRF policies will be evaluated and tracked, but not enforced.
//
// This is intended to be used when ``filter_enabled`` is off and will be ignored otherwise.
//
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
// Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate
// and track the request's *Origin* and *Destination* to determine if it's valid, but will not
// enforce any policies.
config.core.v3.RuntimeFractionalPercent shadow_enabled = 2;
// Specifies additional source origins that will be allowed in addition to
// the destination origin.
//
// More information on how this can be configured via runtime can be found
// :ref:`here <csrf-configuration>`.
repeated type.matcher.v3.StringMatcher additional_origins = 3;
}