Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cors: reject unexpected cors requests #37974

Open
wbpcode opened this issue Jan 13, 2025 · 0 comments
Open

cors: reject unexpected cors requests #37974

wbpcode opened this issue Jan 13, 2025 · 0 comments
Labels
enhancement Feature requests. Not bugs or questions. triage Issue requires triage

Comments

@wbpcode
Copy link
Member

wbpcode commented Jan 13, 2025

Title: [One line description](cors: reject unexpected cors requests)

Description:

Now, the unexpected cors requests (like some required headers lost) will be proxied to upstream directly to let the upstream to make the final decision.

This actually doesn't match our instuition. We even add a specific note to explain the behavior to our users. See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/cors_filter

You maybe better if we can provide an option to reject unexpected cors requests, like OPTIONS requests without origin header, etc.

[optional Relevant Links:]

Any extra documentation required to understand the issue.
@wbpcode wbpcode added enhancement Feature requests. Not bugs or questions. triage Issue requires triage labels Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Feature requests. Not bugs or questions. triage Issue requires triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wbpcode