binding (http)
Zilla runtime http binding
Defines a binding with http protocol support, with server or client behavior.

Server behavior

The server kind http binding decodes HTTP/1.1 protocol or HTTP/2 protocol on the inbound network stream, producing higher level application streams for each request.
Cross-Origin Resource Sharing (CORS) is supported by specifying an access control policy of cross-origin. Further configuration allows for finer-grained access control including specific request origins, methods and headers allowed, and specific response headers exposed.
Authorization is enforced by a guard and the credentials can be extracted from a cookie, header or query parameter.
Conditional routes based on http request headers are used to route these application streams to an exit binding.

Client behavior

The client kind http binding receives inbound application streams and encodes each request as a network stream via HTTP/1.1 protocol. Note that the same network stream can be reused to encode multiple HTTP/1.1 requests.
Conditional routes based on http request headers are used to route these network streams to an exit binding.

Example

"http_server0":
{
"type" : "http",
"kind": "server",
"options":
{
"access-control":
{
"policy": "cross-origin"
},
"authorization":
{
"jwt0":
{
"credentials":
{
"headers":
{
"authorization": "Bearer {credentials}"
}
}
}
}
},
"routes":
[
{
"when":
[
{
"headers":
{
":scheme": "https",
":authority": "example.com:443"
}
}
],
"exit": "echo_server0"
}
]
}

Configuration

Binding with support for http protocol.

Properties

Name (* = required)
Type
Description
type*
const "http"
Support http protocol
kind*
enum [
"server",
"client" ]
Behave as an http server or client
​options​
object
http-specifc options
routes
array of route​
Conditional http-specific routes
exit
string
Default exit binding when no conditional routes are viable

options

Options for HTTP protocol.

Properties

Name (* = required)
Type
Description
versions
array of enum [ "http/1.1", "h2" ]
Supported protocol versions
​access-control​
object
Access control policy
authorization
object as map of named authorization properties
Authorization by guard
overrides
object of name-value header overrides
Request header overrides

access-control

Access control for HTTP protocol.

Properties

Name (* = required)
Type
Description
policy*
enum [ "same-origin" , "cross-origin" ]
Supported access control policies

access-control (cross-origin)

Cross Origin Resource Sharing (CORS) access control for HTTP protocol.

Properties

Name (* = required)
Type
Description
policy*
const "cross-origin"
Support cross-origin access control policy
​allow​
object
Allowed cross-origin request origins, methods, headers and credentials. Defaults to all origins, methods and headers, without credentials.
max-age
number
Maximum cache age (in seconds) for allowed headers and methods.
​expose​
object
Exposed cross-origin response headers. Defaults to all response headers.

allow

CORS allowed request origins, methods, headers and credentials for HTTP protocol.

Properties

Name (* = required)
Type
Description
origins
array of string
Allowed request origins.
methods
array of string
Allowed request methods.
headers
array of string
Allowed request headers
credentials
boolean
Support fetch credentials mode include.

expose

CORS exposed response headers for HTTP protocol.

Properties

Name (* = required)
Type
Description
headers
array of string
Exposed response headers

authorization

Authorization for HTTP/1.1 and HTTP/2 protocols.

Properties

Name (* = required)
Type
Description
​credentials​
object
Defines how to extract credentials from the HTTP request.

credentials

Credentials for HTTP protocol.

Properties

Name (* = required)
Type
Description
cookies
object as map of string
Named cookie value pattern with {credentials}
headers
object as map of string
Named header value pattern with {credentials}, e.g. "Bearer {credentials}"
query
object as map of string
Named query parameter value pattern with {credentials}

route

Routes for HTTP protocol.

Properties

Name (* = required)
Type
Description
guarded
object as named map of string array
List of roles required by each named guard to authorize this route
when
array of condition​
List of conditions (any match) to match this route
exit*
string
Next binding when following this route

condition

Conditions to match routes for HTTP protocol.

Properties

Name (* = required)
Type
Description
headers
object of name-value headers
Header name value pairs (all match)
Copy link
On this page
Example
Configuration
options
access-control
access-control (cross-origin)
allow
expose
authorization
credentials
route
condition