Misc

Cross-Origin Resource Sharing

Configuring Cross-Origin Resource Sharing (CORS) for this API.

OpenAPI Specification
info:
  title: Cross-Origin Resource Sharing
openapi: 3.0.3
paths:
  /test:
    get:
      responses:
        '200':
          description: OK
servers:
  - url: http://127.0.0.1:/api/echo
x-proxyconf:
  cluster: demo
  cors:
    access-control-allow-methods:
      - GET
      - POST
    access-control-allow-origins:
      - http://*.foo.com
    access-control-max-age: 600
  security:
    auth:
      downstream:
        clients:
          testUser:
            - 9a618248b64db62d15b300a07b00580b
        name: my-api-key
        type: header
  url: http://localhost:8080/cors

HURL Examples

POST http://localhost:{{port}}/api/upload/cors?api-port={{port}}&envoy-cluster={{envoy-cluster}}
Content-Type: application/yaml
Authorization: Bearer {{admin-access-token}}
file,cors.yaml;
HTTP 200

# CORS Preflight Requests are unauthenticated
OPTIONS http://localhost:8080/cors/test
Origin: http://cors.foo.com
Access-Control-Request-Method: Get
HTTP 200
Access-Control-Allow-Origin: http://cors.foo.com
Access-Control-Allow-Methods: GET,POST
Access-Control-Max-Age: 600
[Asserts]
bytes count == 0

# Accessing the actual resource must be authenticated - negative test
GET http://localhost:8080/cors/test
HTTP 403
[Asserts]
body contains "RBAC: access denied"

# Accessing the actual resource must be authenticated - positive test
GET http://localhost:8080/cors/test
my-api-key: supersecret
HTTP 200
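
A minimal model of the origin check implied by the `access-control-allow-origins` pattern above, as an added example that is not ProxyConf's or Envoy's own code. It assumes `*` stands for one or more DNS labels; the function names and sample origins are constructed for illustration.

```python
import re

# Values copied from the x-proxyconf.cors block above.
ALLOW_ORIGINS = ["http://*.foo.com"]
ALLOW_METHODS = ["GET", "POST"]
MAX_AGE = 600

# Assumption of this example: '*' stands for one or more DNS labels,
# so it can never swallow ':', '/', '@' or whitespace.
LABELS = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*"


def origin_regex(pattern):
    """Compile an allow-origins pattern; every non-'*' character is literal."""
    return re.compile(LABELS.join(re.escape(part) for part in pattern.split("*")))


def origin_allowed(origin):
    # fullmatch anchors both ends; unlike '$' it also rejects a trailing newline.
    return any(origin_regex(p).fullmatch(origin) for p in ALLOW_ORIGINS)


def preflight_headers(origin):
    """Return the CORS preflight headers for origin, or None if it is not allowed."""
    if not origin_allowed(origin):
        return None
    return {
        # Echo the one matched origin, never the wildcard pattern itself.
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": ",".join(ALLOW_METHODS),
        "Access-Control-Max-Age": str(MAX_AGE),
    }


# Constructed sample origins; the first is the one sent in the HURL preflight.
SAMPLES = [
    "http://cors.foo.com",
    "http://a.b.foo.com",
    "https://cors.foo.com",         # scheme differs from the pattern
    "http://foo.com",               # no subdomain label
    "http://cors.foo.com.example",  # allowed name used only as a prefix
    "http://notfoo.com",            # suffix without the dot boundary
    "http://cors.foo.com:8080",     # port not covered by the pattern
    "http://cors.foo.com\n",        # trailing newline
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", preflight_headers(sample))
```

Only the first two sample origins receive CORS headers; the others differ from the pattern in scheme, label boundary, port or trailing bytes and get none.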

Downstream TLS

Downstream TLS is implicitly configured by providing an https URL in the x-proxyconf.url configuration. The server certificate used for the listener is selected by matching the x-proxyconf.url hostname against the TLS Common Name (CN) or TLS Subject Alternative Names (SAN) found in the TLS certificates available in PROXYCONF_SERVER_DOWNSTREAM_TLS_PATH.

OpenAPI Specification
info:
  title: Downstream TLS
openapi: 3.0.3
paths:
  /test:
    get:
      responses:
        '200':
          content:
            application/json:
              example: '{"hello":"world"}'
              schema:
                type: object
          description: OK
    post:
      requestBody:
        content:
          application/json: {}
        required: true
      responses:
        '200':
          content:
            application/json: {}
          description: OK
servers:
  - url: http://127.0.0.1:/api/echo
x-proxyconf:
  cluster: demo
  listener:
    address: 127.0.0.1
    port: 8443
  security:
    auth:
      downstream: disabled
  url: https://localhost:8443/downstream-tls

HURL Examples

POST http://localhost:{{port}}/api/upload/downstream-tls?api-port={{port}}&envoy-cluster={{envoy-cluster}}
Content-Type: application/yaml
Authorization: Bearer {{admin-access-token}}
file,downstream-tls.yaml;
HTTP 200

GET https://localhost:8443/downstream-tls/test
HTTP 200

# We expect a 404 Not Found because the required request body is missing
# and therefore no route matches
POST https://localhost:8443/downstream-tls/test
HTTP 404

# Also a 404 for wrong path
GET https://localhost:8443/downstream-tls/test2
HTTP 404

# With valid content type 
POST https://localhost:8443/downstream-tls/test
Content-Type: application/json
{
  "hello": "world"
}
HTTP 200

# With invalid content type 
POST https://localhost:8443/downstream-tls/test
Content-Type: text/plain
"hello world"
HTTP 404