http Binding
Zilla runtime http binding.
http_server:
  type: http
  kind: server
  options:
    access-control:
      policy: cross-origin
    authorization:
      jwt:
        credentials:
          headers:
            authorization: Bearer {credentials}
  routes:
    - when:
        - headers:
            ":scheme": https
            ":authority": example.com:443
      exit: echo_server
Summary
Defines a binding with http protocol support, with server or client behavior.
Server behavior
The server kind http binding decodes HTTP/1.1 protocol or HTTP/2 protocol on the inbound network stream, producing higher level application streams for each request.
Cross-Origin Resource Sharing (CORS) is supported by specifying an access control policy of cross-origin. Further configuration allows for finer-grained access control including specific request origins, methods and headers allowed, and specific response headers exposed.
Authorization is enforced by a guard and the credentials can be extracted from a cookie, header or query parameter.
Conditional routes based on http request headers are used to route these application streams to an exit binding.
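The server binding below is an added example, not taken from the Zilla documentation. It combines the properties documented on this page so that CORS is limited to one origin and the route requires a role from a guard. The origin https://app.example.com, the method and header lists, the max-age value, and a guard named jwt defined elsewhere in the configuration are assumptions.

```yaml
# Added example: all values are constructed for illustration.
http_server:
  type: http
  kind: server
  options:
    versions:
      - http/1.1
      - h2
    access-control:
      policy: cross-origin
      # When `allow` is omitted the default is all origins, methods and
      # headers, so each list is narrowed explicitly here.
      allow:
        origins:
          - https://app.example.com   # constructed origin
        methods:
          - GET
          - POST
        headers:
          - authorization
          - content-type
        # allow.credentials is left at its default (no credentials): a
        # bearer token set in the Authorization header by the client does
        # not depend on fetch credentials mode "include".
      max-age: 600   # seconds that allowed methods and headers may be cached
      expose:
        headers:
          - etag     # when `expose` is omitted, all response headers are exposed
    authorization:
      jwt:           # guard name, assumed to be defined elsewhere
        credentials:
          headers:
            authorization: Bearer {credentials}
  routes:
    # No default `exit` is set, so only requests that match this guarded
    # route are forwarded to echo_server.
    - guarded:
        jwt:
          - read:items
      when:
        - headers:
            ":scheme": https
            ":authority": example.com:443
      exit: echo_server
```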
Client behavior
The client kind http binding receives inbound application streams and encodes each request as a network stream via HTTP/1.1 protocol. Note that the same network stream can be reused to encode multiple HTTP/1.1 requests.
Conditional routes based on http request headers are used to route these network streams to an exit binding.
Configuration
Properties
- kind*
- options
- options.versions
- options.access-control
- options.authorization
- options.overrides
- exit
- routes
- routes[].guarded
- routes[].when
- routes[].exit*
* required
kind*
enum [ "server", "client" ]
Behave as an http server or client.
options
object
http-specific options.
options:
  access-control:
    policy: cross-origin
  authorization:
    jwt:
      credentials:
        headers:
          authorization: Bearer {credentials}
options.versions
array of enum [ "http/1.1", "h2" ]
Supported protocol versions.
options.access-control
oneOf: same-origin | cross-origin
Access control policy for the HTTP protocol.
access-control.policy*
enum [ "same-origin", "cross-origin" ]
Supported access control policies.
access-control.policy (same-origin)
string
Extra properties aren't needed when using Same Origin access control for the HTTP protocol.
options:
  access-control:
    policy: same-origin
access-control.policy (cross-origin)
object
Additional properties that cover Cross Origin Resource Sharing (CORS) access control for the HTTP protocol.
options:
  access-control:
    policy: cross-origin
access-control.allow
object | Default: all origins, methods and headers, without credentials
Allowed cross-origin request origins, methods, headers and credentials.
CORS allowed request origins, methods, headers and credentials for the HTTP protocol.
allow.origins
array of string
Allowed request origins.
allow.methods
array of string
Allowed request methods.
allow.headers
array of string
Allowed request headers.
allow.credentials
boolean
Support fetch credentials mode include.
access-control.max-age
number
Maximum cache age (in seconds) for allowed headers and methods.
access-control.expose
object | Default: all response headers
Exposed cross-origin response headers.
expose.headers
array of string
Exposed response headers.
options.authorization
object as map of named properties
Authorization by guard for the HTTP/1.1 and HTTP/2 protocols.
authorization:
  jwt:
    credentials:
      headers:
        authorization: Bearer {credentials}
authorization.credentials
object
Defines how to extract credentials from the HTTP request.
credentials.cookies
object as map of string
Named cookie value pattern with {credentials}.
credentials.headers
object as map of string
Named header value pattern with {credentials}, e.g. "Bearer {credentials}".
credentials.query
object as map of string
Named query parameter value pattern with {credentials}.
options.overrides
object of name-value header overrides
Request header overrides.
exit
string
Default exit binding when no conditional routes are viable.
exit: echo_server
routes
array of object
Conditional http-specific routes.
routes:
  - when:
      - headers:
          ":scheme": https
          ":authority": example.com:443
    exit: echo_server
routes[].guarded
object as named map of string:string array
List of roles required by each named guard to authorize this route.
routes:
  - guarded:
      test:
        - read:items
routes[].when
array of object
List of conditions (any match) to match this route.
Read more: When a route matches
routes:
  - when:
      - headers:
          ":scheme": https
          ":authority": example.com:443
when[].headers
object of name-value headers
Header name value pairs (all match).
routes[].exit*
string
Next binding when following this route.
routes:
  - when:
    ...
    exit: echo_server
* required