Envoy: Issue while allowing cors origin

Created on 19 Jan 2020  路  7Comments  路  Source: envoyproxy/envoy

Hey!

Today my envoy proxy stopped working after I rebuild my Docker image

I am getting that error using your example:

[2020-01-19 03:38:58.528][6][critical][main] [source/server/server.cc:94] error initializing configuration '/etc/envoy.yaml': Proto constraint validation failed (Using deprecated option 'envoy.api.v2.route.CorsPolicy.allow_origin' from file route_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.): allow_origin: "*"
allow_methods: "GET, PUT, DELETE, POST, OPTIONS"
allow_headers: "keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout"
expose_headers: "custom-header-1,grpc-status,grpc-message"
max_age: "1728000"

Dockerfile

# This configuration will build a Docker container containing
# an Envoy proxy that routes to Google.

FROM envoyproxy/envoy-dev:latest
RUN apt-get update
COPY envoy.yaml /etc/envoy.yaml
CMD /usr/local/bin/envoy -c /etc/envoy.yaml

envoy.yaml

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address: { address: 0.0.0.0, port_value: 9000 }
      filter_chains:
        - filters:
            - name: envoy.http_connection_manager
              config:
                codec_type: auto
                stat_prefix: ingress_http
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      domains: ["*"]
                      routes:
                        - match: { prefix: "/" }
                          route:
                            cluster: api_interface
                            max_grpc_timeout: 0s
                      cors:
                        allow_origin:
                          - "*"
                        allow_methods: GET, PUT, DELETE, POST, OPTIONS
                        allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
                        max_age: "1728000"
                        expose_headers: custom-header-1,grpc-status,grpc-message
                http_filters:
                  - name: envoy.grpc_web
                  - name: envoy.cors
                  - name: envoy.router
  clusters:
    - name: api_interface
      connect_timeout: 0.25s
      type: logical_dns
      http2_protocol_options: {}
      lb_policy: round_robin
      hosts: [{ socket_address: { address: host.docker.internal, port_value: 10000 }}]
question stale
Source
picture Emixam23
👍1

Most helpful comment

@Emixam23 you're seeing the error because you're using a deprecated option (allow-origin) that is (by default) forbidden in the latest version. That's what the error states.

If you look at the example that @mattklein123 has posted you'll notice the example fix with what you should change it to.
https://github.com/envoyproxy/envoy/commit/8057eed8aceaecc29a28fe1cc3818b67cba32585#diff-428896f72b8e102cc1fa2ea75d22305fL26-L28

                      cors:
                        allow_origin_string_match:
                          - prefix: "*"
picture clehene on 25 Feb 2020
👍3

All 7 comments

The example was fixed in https://github.com/envoyproxy/envoy/commit/8057eed8aceaecc29a28fe1cc3818b67cba32585

mattklein123 picture mattklein123 on 19 Jan 2020

Hey!

Thanks for your answer. Then (Sorry if I miss understood) if it was fixed, why am I getting this error following my current code state?

Thanks!

Emixam23 picture Emixam23 on 19 Jan 2020

Facing the same issue here.

RDevR99 picture RDevR99 on 22 Jan 2020

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

stale[bot] picture stale[bot] on 21 Feb 2020

@Emixam23 you're seeing the error because you're using a deprecated option (allow-origin) that is (by default) forbidden in the latest version. That's what the error states.

If you look at the example that @mattklein123 has posted you'll notice the example fix with what you should change it to.
https://github.com/envoyproxy/envoy/commit/8057eed8aceaecc29a28fe1cc3818b67cba32585#diff-428896f72b8e102cc1fa2ea75d22305fL26-L28

                      cors:
                        allow_origin_string_match:
                          - prefix: "*"
clehene picture clehene on 25 Feb 2020
👍3

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

stale[bot] picture stale[bot] on 26 Mar 2020

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

stale[bot] picture stale[bot] on 2 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vpiduri picture vpiduri  路  3Comments
anatolebeuzon picture anatolebeuzon  路  3Comments
roelfdutoit picture roelfdutoit  路  3Comments
weixiao-huang picture weixiao-huang  路  3Comments
lps0535 picture lps0535  路  3Comments