help wanted
倉庫指標
- Star
- (2,871 star)
- PR 合併指標
- (PR 指標待抓取)
描述
The current SecurityPolicy CRD restricts the CORS filter's allowed origins to http(s) schemes only.
Is this intentional in order to conform with the HTTPRoute CORS definition?
I think it would be reasonable to allow non-HTTP(S) schemes here as well. The use case is admittedly niche, and anyone who really needs this could locally patch the CRD and move on, but I cannot think of any rationale for this restriction to begin with.