Skip to content

cors: return local reply when preflight origin does not match allowed origins#33051

Merged
mattklein123 merged 3 commits intoenvoyproxy:mainfrom
cpakulski:issue/14233
Mar 22, 2024
Merged

cors: return local reply when preflight origin does not match allowed origins#33051
mattklein123 merged 3 commits intoenvoyproxy:mainfrom
cpakulski:issue/14233

Conversation

@cpakulski
Copy link
Copy Markdown
Contributor

@cpakulski cpakulski commented Mar 21, 2024

Commit Message:
cors: return local reply when preflight origin does not match allowed origins
Additional Description:
When CORS preflight's origin does not match configured allowed origins, the filter continued iteration. The preflight reached the upstream server. Some users expressed interest in generating local reply in such situation. Based on CORS specs, locally generated reply should not contain access-control-allow-origin response header. This behaviour is controlled by API and default setting is to forward the preflight to upstream.
Risk Level: Low
Testing: Added unit/integration tests.
Docs Changes: Yes
Release Notes: Yes
Platform Specific Features: No
Fixes #14233

@cpakulski
CORS: Generate local response for preflights with not matching origin.
a2312e5 
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@cpakulski
Merge remote-tracking branch 'upstream/main' into issue/14233
981aa1f 
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@cpakulski cpakulski requested a review from wbpcode as a code owner March 21, 2024 19:27
@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only bot commented Mar 21, 2024

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @mattklein123
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #33051 was opened by cpakulski.

see: more, trace.

@cpakulski
Merge remote-tracking branch 'upstream/main' into issue/14233
9f2c71d 
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
@mattklein123 mattklein123 merged commit 5f58f9a into envoyproxy:main Mar 22, 2024
@cpakulski cpakulski deleted the issue/14233 branch March 22, 2024 16:13
This was referenced Mar 24, 2024
Closed
Merged
Closed
@cpakulski cpakulski mentioned this pull request Mar 26, 2024
Merged
@zirain zirain mentioned this pull request Apr 13, 2024
Merged
@zirain zirain mentioned this pull request Apr 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

@wbpcode wbpcode Awaiting requested review from wbpcode wbpcode is a code owner

Assignees

@mattklein123 mattklein123

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CORS: The preflight request is forwarded to the upstream if the origin is not allowed.

2 participants

@cpakulski @mattklein123