You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shenyu.apache.org by yu...@apache.org on 2022/07/01 16:06:34 UTC

[incubator-shenyu-website] branch main updated: update cors docs (#625)

This is an automated email from the ASF dual-hosted git repository.

yui pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-shenyu-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 2174a908e8 update cors docs (#625)
2174a908e8 is described below

commit 2174a908e8e03644219d98e5851bce861457fc71
Author: Qicz <qi...@gmail.com>
AuthorDate: Sat Jul 2 00:06:30 2022 +0800

    update cors docs (#625)
---
 docs/user-guide/property-config/gateway-property-config.md | 14 ++++++++++----
 .../user-guide/property-config/gateway-property-config.md  | 13 +++++++++----
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/docs/user-guide/property-config/gateway-property-config.md b/docs/user-guide/property-config/gateway-property-config.md
index 7c300474c4..49faef4f85 100644
--- a/docs/user-guide/property-config/gateway-property-config.md
+++ b/docs/user-guide/property-config/gateway-property-config.md
@@ -117,8 +117,13 @@ shenyu:
     enabled: true
     allowedHeaders:
     allowedMethods: "*"
-    allowedOrigin: "*"
-    allowedExpose: "*"
+    allowedAnyOrigin: false
+    allowedOrigin:
+      domain: apache.org
+      prefixes:
+        - a # a.apache.org
+        - b # b.apache.org
+    allowedExpose: ""
     maxAge: "18000"
     allowCredentials: true
   switchConfig:
@@ -306,8 +311,9 @@ Cross filter properties:
 | enabled | Boolean |  false  |    No    | allow cross-domain requests |
 | allowedHeaders | String | x-requested-with, authorization, Content-Type, Authorization, credential,  X-XSRF-TOKEN, token, username, client |    No    | allowedHeaders, Use "," split in multiple cases. the new "allowedHeaders" will append to "Access-Control-Allow-Headers" based on the default value and remove the reduplicative header. |
 | allowedMethods | String |   "*"  |    No    | allowedMethods |
-| allowedOrigin | String |  "*"  |    No    | allowedOrigin,if the value is empty, use `request.getHeaders().getOrigin()` set to `Access-Control-Allow-Origin` |
-| allowedExpose | String |  "*"  |    No    | allowedExpose |
+| allowedAnyOrigin | Boolean |   false  |    No    | Whether to allow any Origin, if it is true, directly set the `Access-Control-Allow-Origin` to the same value as the Origin, that is, `request.getHeaders().getOrigin()`, and discard the `allowedOrigin` configuration. |
+| allowedOrigin | AllowedOriginConfig |  -  |    No    | Configure domain such as apache.org and domain name prefixes such as a, b. If `Origin` is a.apache.org or b.apache.org, the value of `Access-Control-Allow-Origin` is the same as `Origin`, that is, `request.getHeaders( ).getOrigin()` |
+| allowedExpose | String |  ""  |    No    | 允许的Expose |
 | maxAge | String |  "18000"  |    No    | maxAge (ms) |
 | allowCredentials | Boolean |  true  |    No    | allowCredentials |
 
diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md b/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md
index bc39d6d5b0..b0ef21d81f 100644
--- a/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md
+++ b/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md
@@ -117,8 +117,12 @@ shenyu:
     enabled: true
     allowedHeaders:
     allowedMethods: "*"
-    allowedOrigin: "*"
-    allowedExpose: "*"
+    allowedAnyOrigin: false
+    allowedOrigin:
+      domain: apache.org
+      prefixes:
+        - a # a.apache.org
+        - b # b.apache.org
     maxAge: "18000"
     allowCredentials: true
   switchConfig:
@@ -306,8 +310,9 @@ Netty HttpClient 代理的相关配置:
 | enabled | Boolean | false  |    否    | 是否支持跨域请求 |
 | allowedHeaders | String | x-requested-with, authorization, Content-Type, Authorization, credential,  X-XSRF-TOKEN, token, username, client |    No    | 允许的Header头,多个请用 "," 分割。新的"allowedHeaders"会在默认值基础上,去除重复的追加到"Access-Control-Allow-Headers"。 |
 | allowedMethods | String |   "*"  |    No    | 允许的方法 |
-| allowedOrigin | String |  "*"  |    No    | 允许的Origin,当取值为""时,使用`request.getHeaders().getOrigin()`设置`Access-Control-Allow-Origin` |
-| allowedExpose | String |  "*"  |    No    | 允许的Expose |
+| allowedAnyOrigin | Boolean |   false  |    No    | 是否允许任意Origin,为true时直接将`Access-Control-Allow-Origin`设置值与Origin相同,即`request.getHeaders().getOrigin()`,同时丢弃`allowedOrigin`配置 |
+| allowedOrigin | AllowedOriginConfig |  -  |    No    | 配置domain如apache.org及域名prefixes如a,b,如果`Origin`为a.apache.org或b.apache.org时`Access-Control-Allow-Origin`设置值与`Origin`相同,即`request.getHeaders().getOrigin()` |
+| allowedExpose | String |  ""  |    No    | 允许的Expose |
 | maxAge | String |  "18000"  |    No    | 最大年龄 (ms) |
 | allowCredentials | Boolean |  true  |    No    | 允许认证 |