envoyproxy/gateway
Auf GitHub ansehenAllow for non http(s) schemes in securityPolicy
Open
#9.014 geöffnet am 16. Mai 2026
help wanted
Repository-Metriken
- Stars
- (2.871 Stars)
- PR-Merge-Metriken
- (PR-Metriken ausstehend)
Beschreibung
The current SecurityPolicy CRD restricts the CORS filter's allowed origins to http(s) schemes only.
Is this intentional in order to conform with the HTTPRoute CORS definition?
I think it would be reasonable to allow non-HTTP(S) schemes here as well. The use case is admittedly niche, and anyone who really needs this could locally patch the CRD and move on, but I cannot think of any rationale for this restriction to begin with.