New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cors: do not forwarded preflight request if the origin is not allowed #50452
base: master
Are you sure you want to change the base?
Conversation
IMO, we should not introduce a behavioural change unless it is a bug fix, at the very least we should have a feature flag or introduce the flag in the api |
I'm asking what's the best choice, feature flag or api change, or let it be? |
Do we have a motivation for this from users? It seems like (without more context) Envoy made a change and we are just copying it without an user demand? |
this is a request from our customer, we fixed it in our fork, and want to backport to upstream. |
We cannot simply set it for older proxy |
if a new pilot feature flag acceptable? |
The correct behavior should be not forwarding non matching preflights. Here we should add a check for proxy version, and only set this field for 1.22? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why does the envoy side talk about "forwarding" but the PR talks about modifying response headers?
But generally if we are making a breaking change |
Is there prior art in other gateway implementations? |
miss with other stuffs
compatibilityVersion is good to me, or a pilot feature flag?
this's a new API, AFAIK only EnvoyGateway change it. |
I don't mean in Envoy I mean in the broader ecosystem of Cors. So far looks like Kong makes it configurable |
After some investigation, nginx base proxy make it configurable, didn't find too much info about HAProxy. |
@howardjohn @ramaraochavali @hzxuzhonghu do you agree with use feature flag for this? |
I am ok |
I am also OK as long as we have path forward to remove this via a proper API/making it default behaviour. If our long term plan is API, should we just go ahead with API now? What do you plan to set the default value to be? |
My 2c:
|
Personally, I tend to take As all these trade off, is a API change acceptable? If so, I will do that after 1.22 branch cutted. |
My preference would be API and doing it now (without feature flag after 1.22 branch cut) |
Please provide a description of this PR:
API: istio/api#3171
Related to envoyproxy/envoy#33051