Sharing CORS config across all virtual_hosts

[nathanhleung]

Short Description

I currently specify the same CORS config under each virtual_host. Is it possible to set the CORS config once and share it across all virtual_hosts?

Extended Description

I'm currently using Envoy to route requests to gRPC services based on the host header.

Here's the relevant part of my config, under static_resources.listeners[].filter_chains.filters['envoy.http_connection_manager'].config.route_config:

virtual_hosts:
  - name: server1
    domains:
      - $SERVER1_EXTERNAL_HOST
    routes:
      - match: { prefix: "/" }
        route:
          cluster: server1
          max_grpc_timeout: 0s
    cors:
      allow_origin_string_match:
        safe_regex:
          google_re2:
            max_program_size: 100
          regex: ".*"
      allow_methods: GET, PUT, DELETE, POST, OPTIONS
      allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,authorization,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
      max_age: "1728000"
      expose_headers: grpc-status,grpc-message
  - name: server2
    domains:
      - $SERVER2_EXTERNAL_HOST
    routes:
      - match: { prefix: "/" }
        route:
          cluster: server2
          max_grpc_timeout: 0s
    cors:
      allow_origin_string_match:
        safe_regex:
          google_re2:
            max_program_size: 100
          regex: ".*"
      allow_methods: GET, PUT, DELETE, POST, OPTIONS
      allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,authorization,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
      max_age: "1728000"
      expose_headers: grpc-status,grpc-message

I use the same CORS config for both services -- is it possible to specify that config once somewhere else and have it apply for all virtual_hosts?

[mattklein123]

cc @dschaller @derekargueta for comment.

[derekargueta]

This would be achievable by moving the CORS to per_filter_config, which could then be configured at the global, virtual host, or route level.

My initial attempt if anyone wants to revive it, my plate is a little full at the moment: #9324

[nathanhleung]

I'm happy to give it a shot but not exactly sure what's going on. What needs to be done?

[nathanhleung]

I ended up using YAML anchors.

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.