On this page
CorsPolicy
CorsPolicy API reference.
Proto: cors_policy.proto
Package: security.policy.gloo.solo.io
CORSPolicyReport
| Field | Description |
|---|---|
workspaces | (repeated CORSPolicyReport.WorkspacesEntry)A list of workspaces in which the policy can apply to workloads. |
selectedRoutes | (repeated common.gloo.solo.io.RouteReference)A list of references to all routes selected by the policy. |
CORSPolicyReport.WorkspacesEntry
| Field | Description |
|---|---|
key | (string) |
value | (common.gloo.solo.io.Report) |
CORSPolicySpec
CORSPolicy is used to set a Cross-Origin Resource Sharing policy (CORS) for requests matching selected routes. Refer to [this link](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS for further details about cross origin resource sharing. CORSPolicies are applied at the Route level.
| Field | Description |
|---|---|
applyToRoutes | (repeated common.gloo.solo.io.RouteSelector)Select the routes where the policy will be applied. If empty, will apply to all routes in the workspace. |
config | (CORSPolicySpec.Config)The details of the CORS policy to apply to the selected routes. |
CORSPolicySpec.Config
| Field | Description |
|---|---|
allowOrigins | (repeated common.gloo.solo.io.StringMatch)String patterns that match allowed origins. An origin is allowed if any of the string matchers match. |
allowMethods | (repeated string)List of HTTP methods allowed to access the resource. The content will be serialized to the Access-Control-Allow-Methods header. |
allowHeaders | (repeated string)List of HTTP headers that can be used when requesting the resource. Serialized to the Access-Control-Allow-Headers header. |
exposeHeaders | (repeated string)A list of HTTP headers that browsers are allowed to access. Serialized to the Access-Control-Expose-Headers header. |
maxAge | (google.protobuf.Duration)Specify how long the results of a preflight request can be cached. Serialized to the Access-Control-Max-Age header. For information about the value format, see the Google protocol buffer documentation. |
allowCredentials | (google.protobuf.BoolValue)Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to the Access-Control-Allow-Credentials header. |
CORSPolicyStatus
The status of the policy after it is applied to your Gloo environment.
| Field | Description |
|---|---|
common | (common.gloo.solo.io.Status)The state and workspace conditions of the applied resource. |
numSelectedRoutes | (uint32)The number of routes selected by the policy. |