You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shenyu.apache.org by yu...@apache.org on 2022/07/01 16:06:34 UTC
[incubator-shenyu-website] branch main updated: update cors docs (#625)
This is an automated email from the ASF dual-hosted git repository.
yui pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-shenyu-website.git
The following commit(s) were added to refs/heads/main by this push:
new 2174a908e8 update cors docs (#625)
2174a908e8 is described below
commit 2174a908e8e03644219d98e5851bce861457fc71
Author: Qicz <qi...@gmail.com>
AuthorDate: Sat Jul 2 00:06:30 2022 +0800
update cors docs (#625)
---
docs/user-guide/property-config/gateway-property-config.md | 14 ++++++++++----
.../user-guide/property-config/gateway-property-config.md | 13 +++++++++----
2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/docs/user-guide/property-config/gateway-property-config.md b/docs/user-guide/property-config/gateway-property-config.md
index 7c300474c4..49faef4f85 100644
--- a/docs/user-guide/property-config/gateway-property-config.md
+++ b/docs/user-guide/property-config/gateway-property-config.md
@@ -117,8 +117,13 @@ shenyu:
enabled: true
allowedHeaders:
allowedMethods: "*"
- allowedOrigin: "*"
- allowedExpose: "*"
+ allowedAnyOrigin: false
+ allowedOrigin:
+ domain: apache.org
+ prefixes:
+ - a # a.apache.org
+ - b # b.apache.org
+ allowedExpose: ""
maxAge: "18000"
allowCredentials: true
switchConfig:
@@ -306,8 +311,9 @@ Cross filter properties:
| enabled | Boolean | false | No | allow cross-domain requests |
| allowedHeaders | String | x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN, token, username, client | No | allowedHeaders, Use "," split in multiple cases. the new "allowedHeaders" will append to "Access-Control-Allow-Headers" based on the default value and remove the reduplicative header. |
| allowedMethods | String | "*" | No | allowedMethods |
-| allowedOrigin | String | "*" | No | allowedOrigin,if the value is empty, use `request.getHeaders().getOrigin()` set to `Access-Control-Allow-Origin` |
-| allowedExpose | String | "*" | No | allowedExpose |
+| allowedAnyOrigin | Boolean | false | No | Whether to allow any Origin, if it is true, directly set the `Access-Control-Allow-Origin` to the same value as the Origin, that is, `request.getHeaders().getOrigin()`, and discard the `allowedOrigin` configuration. |
+| allowedOrigin | AllowedOriginConfig | - | No | Configure domain such as apache.org and domain name prefixes such as a, b. If `Origin` is a.apache.org or b.apache.org, the value of `Access-Control-Allow-Origin` is the same as `Origin`, that is, `request.getHeaders( ).getOrigin()` |
+| allowedExpose | String | "" | No | 允许的Expose |
| maxAge | String | "18000" | No | maxAge (ms) |
| allowCredentials | Boolean | true | No | allowCredentials |
diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md b/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md
index bc39d6d5b0..b0ef21d81f 100644
--- a/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md
+++ b/i18n/zh/docusaurus-plugin-content-docs/current/user-guide/property-config/gateway-property-config.md
@@ -117,8 +117,12 @@ shenyu:
enabled: true
allowedHeaders:
allowedMethods: "*"
- allowedOrigin: "*"
- allowedExpose: "*"
+ allowedAnyOrigin: false
+ allowedOrigin:
+ domain: apache.org
+ prefixes:
+ - a # a.apache.org
+ - b # b.apache.org
maxAge: "18000"
allowCredentials: true
switchConfig:
@@ -306,8 +310,9 @@ Netty HttpClient 代理的相关配置:
| enabled | Boolean | false | 否 | 是否支持跨域请求 |
| allowedHeaders | String | x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN, token, username, client | No | 允许的Header头,多个请用 "," 分割。新的"allowedHeaders"会在默认值基础上,去除重复的追加到"Access-Control-Allow-Headers"。 |
| allowedMethods | String | "*" | No | 允许的方法 |
-| allowedOrigin | String | "*" | No | 允许的Origin,当取值为""时,使用`request.getHeaders().getOrigin()`设置`Access-Control-Allow-Origin` |
-| allowedExpose | String | "*" | No | 允许的Expose |
+| allowedAnyOrigin | Boolean | false | No | 是否允许任意Origin,为true时直接将`Access-Control-Allow-Origin`设置值与Origin相同,即`request.getHeaders().getOrigin()`,同时丢弃`allowedOrigin`配置 |
+| allowedOrigin | AllowedOriginConfig | - | No | 配置domain如apache.org及域名prefixes如a,b,如果`Origin`为a.apache.org或b.apache.org时`Access-Control-Allow-Origin`设置值与`Origin`相同,即`request.getHeaders().getOrigin()` |
+| allowedExpose | String | "" | No | 允许的Expose |
| maxAge | String | "18000" | No | 最大年龄 (ms) |
| allowCredentials | Boolean | true | No | 允许认证 |