binding (http)
Zilla runtime http binding
Defines a binding with
http protocol support, with server or client behavior.The
server kind http binding decodes HTTP/1.1 protocol or HTTP/2 protocol on the inbound network stream, producing higher level application streams for each request.Cross-Origin Resource Sharing (CORS) is supported by specifying an access control policy of
cross-origin. Further configuration allows for finer-grained access control including specific request origins, methods and headers allowed, and specific response headers exposed.Authorization is enforced by a
guard and the credentials can be extracted from a cookie, header or query parameter.Conditional routes based on
http request headers are used to route these application streams to an exit binding.The
client kind http binding receives inbound application streams and encodes each request as a network stream via HTTP/1.1 protocol. Note that the same network stream can be reused to encode multiple HTTP/1.1 requests.Conditional routes based on
http request headers are used to route these network streams to an exit binding."http_server0":
{
"type" : "http",
"kind": "server",
"options":
{
"access-control":
{
"policy": "cross-origin"
},
"authorization":
{
"jwt0":
{
"credentials":
{
"headers":
{
"authorization": "Bearer {credentials}"
}
}
}
}
},
"routes":
[
{
"when":
[
{
"headers":
{
":scheme": "https",
":authority": "example.com:443"
}
}
],
"exit": "echo_server0"
}
]
}
Binding with support for
http protocol.Options for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
versions | array of enum [
"http/1.1",
"h2" ] | Supported protocol versions |
object | Access control policy | |
authorization | Authorization by guard | |
overrides | object of name-value header overrides | Request header overrides |
Access control for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
policy* | Supported access control policies |
Cross Origin Resource Sharing (CORS) access control for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
policy* | const "cross-origin" | Support cross-origin access control policy |
object | Allowed cross-origin request origins, methods, headers and credentials.
Defaults to all origins, methods and headers, without credentials. | |
max-age | number | Maximum cache age (in seconds) for allowed headers and methods. |
object | Exposed cross-origin response headers.
Defaults to all response headers. |
CORS allowed request origins, methods, headers and credentials for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
origins | array of string | Allowed request origins. |
methods | array of string | Allowed request methods. |
headers | array of string | Allowed request headers |
credentials | boolean | Support fetch credentials mode include. |
CORS exposed response headers for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
headers | array of string | Exposed response headers |
Authorization for
HTTP/1.1 and HTTP/2 protocols.Name (* = required) | Type | Description |
|---|---|---|
object | Defines how to extract credentials from the HTTP request. |
Credentials for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
cookies | object as map of string | Named cookie value pattern with {credentials} |
headers | object as map of string | Named header value pattern with {credentials}, e.g. "Bearer {credentials}" |
query | object as map of string | Named query parameter value pattern with {credentials} |
Routes for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
guarded | object as named map of string array | List of roles required by each named guard to authorize this route |
when | List of conditions (any match) to match this route | |
exit* | string | Next binding when following this route |
Conditions to match routes for
HTTP protocol.Name (* = required) | Type | Description |
|---|---|---|
headers | object of name-value headers | Header name value pairs
(all match) |
Last modified 10mo ago