On this page
CorsPolicy
CorsPolicy API reference.
Proto: cors_policy.proto
Package: security.policy.gloo.solo.io
Types:
CORSPolicyReport
Field | Description |
---|---|
workspaces | (repeated CORSPolicyReport.WorkspacesEntry ) |
selectedRoutes | (repeated common.gloo.solo.io.RouteReference )A list of references to all routes selected by the policy. |
CORSPolicyReport.WorkspacesEntry
Field | Description |
---|---|
key | (string ) |
value | (common.gloo.solo.io.Report ) |
CORSPolicySpec
CORSPolicy is used to set a Cross-Origin Resource Sharing policy (CORS) for requests matching selected routes. Refer to [this link](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS for further details about cross origin resource sharing. CORSPolicies are applied at the Route level.
Field | Description |
---|---|
applyToRoutes | (repeated common.gloo.solo.io.RouteSelector )Select the routes where the policy will be applied. If left empty, will apply to all routes in the workspace. |
config | (CORSPolicySpec.Config )The details of the CORS policy to apply to the selected routes. |
CORSPolicySpec.Config
Field | Description |
---|---|
allowOrigins | (repeated common.gloo.solo.io.StringMatch )String patterns that match allowed origins. An origin is allowed if any of the string matchers match. |
allowMethods | (repeated string )List of HTTP methods allowed to access the resource. The content will be serialized to the Access-Control-Allow-Methods header. |
allowHeaders | (repeated string )List of HTTP headers that can be used when requesting the resource. Serialized to the Access-Control-Allow-Headers header. |
exposeHeaders | (repeated string )A list of HTTP headers that browsers are allowed to access. Serialized to the Access-Control-Expose-Headers header. |
maxAge | (google.protobuf.Duration )Specify how long the results of a preflight request can be cached. Serialized to the Access-Control-Max-Age header. For information about the value format, see the Google protocol buffer documentation. |
allowCredentials | (google.protobuf.BoolValue )Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to the Access-Control-Allow-Credentials header. |
CORSPolicyStatus
Reflects the status of the CORSPolicy.
Field | Description |
---|---|
common | (common.gloo.solo.io.Status ) |
numSelectedRoutes | (uint32 )The number of routes selected by the policy. |