CorsPolicy

Proto: cors_policy.proto

Package: security.policy.gloo.solo.io

Types:

CORSPolicyReport

Field Description
workspaces (repeated CORSPolicyReport.WorkspacesEntry)

A list of workspaces in which the policy can apply to workloads.
selectedRoutes (repeated common.gloo.solo.io.RouteReference)

A list of references to all routes selected by the policy.

CORSPolicyReport.WorkspacesEntry

Field Description
key (string)

value (common.gloo.solo.io.Report)

CORSPolicySpec

CORSPolicy is used to set a Cross-Origin Resource Sharing policy (CORS) for requests matching selected routes. Refer to [this link](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS for further details about cross origin resource sharing. CORSPolicies are applied at the Route level.

Field Description
applyToRoutes (repeated common.gloo.solo.io.RouteSelector)

Select the routes where the policy will be applied. If empty, will apply to all routes in the workspace.
config (CORSPolicySpec.Config)

The details of the CORS policy to apply to the selected routes.

CORSPolicySpec.Config

Field Description
allowOrigins (repeated common.gloo.solo.io.StringMatch)

String patterns that match allowed origins. An origin is allowed if any of the string matchers match.
allowMethods (repeated string)

List of HTTP methods allowed to access the resource. The content will be serialized to the Access-Control-Allow-Methods header.
allowHeaders (repeated string)

List of HTTP headers that can be used when requesting the resource. Serialized to the Access-Control-Allow-Headers header.
exposeHeaders (repeated string)

A list of HTTP headers that browsers are allowed to access. Serialized to the Access-Control-Expose-Headers header.
maxAge (google.protobuf.Duration)

Specify how long the results of a preflight request can be cached. Serialized to the Access-Control-Max-Age header. For information about the value format, see the Google protocol buffer documentation.
allowCredentials (google.protobuf.BoolValue)

Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to the Access-Control-Allow-Credentials header.

CORSPolicyStatus

The status of the policy after it is applied to your Gloo environment.

Field Description
common (common.gloo.solo.io.Status)

The state and workspace conditions of the applied resource.
numSelectedRoutes (uint32)

The number of routes selected by the policy.