Misc
Cross-Origin Resource Sharing
Configuring Cross-Origin Resource Sharing (CORS) for this API.
HURL Examples
POST http://localhost:{{port}}/api/upload/cors?api-port={{port}}&envoy-cluster={{envoy-cluster}}
Content-Type: application/yaml
Authorization: Bearer {{admin-access-token}}
file,cors.yaml;
HTTP 200
# CORS Preflight Requests are unauthenticated
OPTIONS http://localhost:8080/cors/test
Origin: http://cors.foo.com
Access-Control-Request-Method: Get
HTTP 200
Access-Control-Allow-Origin: http://cors.foo.com
Access-Control-Allow-Methods: GET,POST
Access-Control-Max-Age: 600
[Asserts]
bytes count == 0
# Accessing the actual resource must be authenticatied - negative test
GET http://localhost:8080/cors/test
HTTP 403
[Asserts]
body contains "RBAC: access denied"
# Accessing the actual resource must be authenticatied - positive test
GET http://localhost:8080/cors/test
my-api-key: supersecret
HTTP 200
Downstream TLS
Downstream TLS is implicitely configured by providing a https
URL in the x-proxyconf.url
configuration. The server certificate used for the listener is selected by matching the x-proxyconf.url
hostname with the TLS Common Name (CN) or TLS Subject Alternative Names (SAN) found in the TLS certificates available in PROXYCONF_SERVER_DOWNSTREAM_TLS_PATH.
HURL Examples
POST http://localhost:{{port}}/api/upload/downstream-tls?api-port={{port}}&envoy-cluster={{envoy-cluster}}
Content-Type: application/yaml
Authorization: Bearer {{admin-access-token}}
file,downstream-tls.yaml;
HTTP 200
GET https://localhost:8443/downstream-tls/test
HTTP 200
# We expect a not found as required request body is missing
# and thereore no route matches
POST https://localhost:8443/downstream-tls/test
HTTP 404
# Also a 404 for wrong path
GET https://localhost:8443/downstream-tls/test2
HTTP 404
# With valid content type
POST https://localhost:8443/downstream-tls/test
Content-Type: application/json
{
"hello": "world"
}
HTTP 200
# With invalid content type
POST https://localhost:8443/downstream-tls/test
Content-Type: text/plain
"hello world"
HTTP 404