Navigation :
Getting Started
What is Gloo Gateway?
Setup
Guides
Operations
Reference
-
Open Source Attribution
-
API Reference
-- address.proto
-- address.proto
-- advanced_http.proto
-- advanced_http.proto
-- ai.proto
-- als.proto
-- annotations.proto
-- any.proto
-- api.proto
-- apple_dns_resolver.proto
-- artifact.proto
-- authority.proto
-- aws.proto
-- aws_ec2.proto
-- azure.proto
-- backoff.proto
-- base.proto
-- base.proto
-- buffer.proto
-- caching.proto
-- cares_dns_resolver.proto
-- cidr.proto
-- cipher_detection_input.proto
-- circuit_breaker.proto
-- cluster.proto
-- config.proto
-- config.proto
-- connection.proto
-- connection_limit.proto
-- consul.proto
-- context_params.proto
-- core.proto
-- cors.proto
-- csrf.proto
-- custom_tag.proto
-- datadog.proto
-- deprecation.proto
-- descriptor.proto
-- discovery.proto
-- dlp.proto
-- domain.proto
-- duration.proto
-- dynamic_forward_proxy.proto
-- empty.proto
-- endpoint.proto
-- envoy.glooe.solo.io.project
-- envoy_glooe_solo_io.project
-- event_service_config.proto
-- ext.proto
-- extauth.proto
-- extension.proto
-- extension.proto
-- extensions.proto
-- external_options.proto
-- external_processor.proto
-- extproc.proto
-- failover.proto
-- failover.proto
-- fault.proto
-- field_mask.proto
-- filter.proto
-- gateway.proto
-- gateway.solo.io.project
-- gateway_solo_io.project
-- gcp.proto
-- gloo.solo.io.project
-- gloo_solo_io.project
-- gloo_validation.proto
-- glooe.solo.io.project
-- glooe_solo_io.project
-- graphql.proto
-- graphql.proto
-- graphql.proto
-- grpc.proto
-- grpc_json.proto
-- grpc_output_sink.proto
-- grpc_service.proto
-- grpc_web.proto
-- gzip.proto
-- hcm.proto
-- header_validation.proto
-- headers.proto
-- health_check.proto
-- health_check.proto
-- healthcheck.proto
-- http.proto
-- http.proto
-- http_gateway.proto
-- http_inputs.proto
-- http_output_sink.proto
-- http_path.proto
-- http_status.proto
-- http_uri.proto
-- http_uri.proto
-- ingress.proto
-- instance.proto
-- ip.proto
-- jwt.proto
-- kubernetes.proto
-- lbhash.proto
-- load_balancer.proto
-- local_ratelimit.proto
-- matchable_http_gateway.proto
-- matchable_tcp_gateway.proto
-- matcher.proto
-- matchers.proto
-- metadata.proto
-- metadata.proto
-- metrics.proto
-- migrate.proto
-- migrate.proto
-- mutation_rules.proto
-- opencensus.proto
-- opentelemetry.proto
-- options.proto
-- orca.proto
-- outlier_detection.proto
-- parameters.proto
-- percent.proto
-- percent.proto
-- pipe.proto
-- placement.proto
-- processing_mode.proto
-- protocol.proto
-- protocol_upgrade.proto
-- proxy.proto
-- proxy_endpoint.proto
-- proxy_protocol.proto
-- proxy_protocol.proto
-- proxy_protocol.proto
-- proxylatency.proto
-- proxyprotocol.proto
-- query_options.proto
-- query_options.proto
-- range.proto
-- range.proto
-- range.proto
-- range.proto
-- ratelimit.proto
-- ratelimit.proto
-- ratelimit.proto
-- rbac.proto
-- ref.proto
-- regex.proto
-- regex.proto
-- resolver.proto
-- resource.proto
-- resource_locator.proto
-- resource_name.proto
-- rest.proto
-- retries.proto
-- route.proto
-- route_components.proto
-- route_table.proto
-- router.proto
-- sanitize.proto
-- secret.proto
-- security.proto
-- selectors.proto
-- semantic_version.proto
-- semantic_version.proto
-- sensitive.proto
-- sensitive.proto
-- server_name_matcher.proto
-- service.proto
-- service_spec.proto
-- settings.proto
-- shadowing.proto
-- snap.proto
-- socket_option.proto
-- socket_option.proto
-- solo-discovery-service.proto
-- solo-kit.proto
-- solo_jwt_authn.proto
-- solo_xff_offset_filter.proto
-- source_context.proto
-- ssl.proto
-- ssl.proto
-- stages.proto
-- stateful_session.proto
-- statefulsession.proto
-- statefulsession.proto
-- static.proto
-- stats.proto
-- status.proto
-- status.proto
-- status.proto
-- status.proto
-- stitching.proto
-- string.proto
-- string.proto
-- struct.proto
-- subset.proto
-- subset_spec.proto
-- tap.proto
-- tap.proto
-- tcp.proto
-- timestamp.proto
-- tls_cipher_inspector.proto
-- trace.proto
-- tracing.proto
-- transformation.proto
-- transformation.proto
-- transformation.proto
-- type.proto
-- typed_struct.proto
-- upstream.proto
-- upstream_proxy_protocol.proto
-- upstream_wait_filter.proto
-- version.proto
-- versioning.proto
-- versioning.proto
-- virtual_service.proto
-- waf.proto
-- waf.proto
-- wasm.proto
-- wasm.proto
-- wasm.proto
-- wrappers.proto
-- xslt_transformer.proto
-- zipkin.proto
-
Command Line Reference
-
Changelog
-
Helm Chart Values
-
Security Updates
- Security Posture
- Gloo Gateway Port Reference
- Release Support
-
Cheatsheets
Contribution Guide
Get help and support
csrf.proto
Package: solo.io.envoy.extensions.filters.http.csrf.v3
copied from https://github.com/envoyproxy/envoy/blob/main/api/envoy/extensions/filters/http/csrf/v3/csrf.proto
Types:
CsrfPolicy
CSRF filter config.
"filterEnabled": .solo.io.envoy.config.core.v3.RuntimeFractionalPercent
"shadowEnabled": .solo.io.envoy.config.core.v3.RuntimeFractionalPercent
"additionalOrigins": [] solo.io.envoy.type.matcher.v3.StringMatcher
Field
Type
Description
filterEnabled
.solo.io.envoy.config.core.v3.RuntimeFractionalPercent
Specifies the % of requests for which the CSRF filter is enabled. If :ref:runtime_key <envoy_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>
is specified, Envoy will lookup the runtime key to get the percentage of requests to filter. .. note:: This field defaults to 100/:ref:HUNDRED <envoy_api_enum_type.v3.FractionalPercent.DenominatorType>
.
shadowEnabled
.solo.io.envoy.config.core.v3.RuntimeFractionalPercent
Specifies that CSRF policies will be evaluated and tracked, but not enforced. This is intended to be used when filter_enabled
is off and will be ignored otherwise. If :ref:runtime_key <envoy_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>
is specified, Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate and track the request’s Origin and Destination to determine if it’s valid, but will not enforce any policies.
additionalOrigins
[]solo.io.envoy.type.matcher.v3.StringMatcher
Specifies additional source origins that will be allowed in addition to the destination origin. More information on how this can be configured via runtime can be found :ref:here <csrf-configuration>
.