CORS filter

Setup your sandbox environment with Docker and Docker Compose, and clone the Envoy repository with Git.

Cross-Origin Resource Sharing (CORS) is a method of enforcing client-side access controls on resources by specifying external domains that are able to access certain or all routes of your domain. Browsers use the presence of HTTP headers to determine if a response from a different origin is allowed.

To help demonstrate how front-envoy can enforce CORS policies, we are releasing a set of sandboxes that deploy a frontend and backend service on different origins, both behind front-envoy.

The frontend service has a field to input the remote domain of your backend service along with radio buttons to select the remote domain’s CORS enforcement. The CORS enforcement choices are:

Change to the examples/cors/frontend directory, and start the containers:

Now, switch to the directory in the cors example, and start the containers:

You can now open a browser to view your frontend service at http://localhost:8000.

Results of the cross-origin request will be shown on the page under Request Results.

Your browser’s CORS enforcement logs can be found in the browser console.

When Envoy runs, it can listen to requests if a port is configured.

In the example configs, the backend admin is bound to port 8003.

If you browse to you will be able to view all of the Envoy stats for the backend. You should see the CORS stats for invalid and valid origins increment as you make requests from the frontend cluster.