help wanted
Repository metrics
- Stars
- (2,871 stars)
- PR merge metrics
- (PR metrics pending)
説明
The current SecurityPolicy CRD restricts the CORS filter's allowed origins to http(s) schemes only.
Is this intentional in order to conform with the HTTPRoute CORS definition?
I think it would be reasonable to allow non-HTTP(S) schemes here as well. The use case is admittedly niche, and anyone who really needs this could locally patch the CRD and move on, but I cannot think of any rationale for this restriction to begin with.