Update HTTPCORSFilter struct

DamianSawicki · DamianSawicki · commit a3c17625027c · 2025-12-15T17:19:02.000Z
This updates the Go struct in accordance with the GEP changes from #4281 At the same time, I'm slightly adjusting the wording of the GEP itself.
diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go
@@ -1391,10 +1391,9 @@ type HTTPCORSFilter struct {
 	// the CORS headers. The cross-origin request fails on the client side.
 	// Therefore, the client doesn't attempt the actual cross-origin request.
 	//
-	// The `Access-Control-Allow-Origin` response header can only use `*`
-	// wildcard as value when the `AllowCredentials` field is false or omitted.
-	//
-	// When the `AllowCredentials` field is true and `AllowOrigins` field
+	// When the request is credentialed, the gateway must not specify the `*`
+	// wildcard in the `Access-Control-Allow-Origin` response header. When
+	// also the `AllowCredentials` field is true and `AllowOrigins` field
 	// specified with the `*` wildcard, the gateway must return a single origin
 	// in the value of the `Access-Control-Allow-Origin` response header,
 	// instead of specifying the `*` wildcard. The value of the header
@@ -1452,15 +1451,19 @@ type HTTPCORSFilter struct {
 	// The `Access-Control-Allow-Methods` response header can only use `*`
 	// wildcard as value when the `AllowCredentials` field is false or omitted.
 	//
-	// When the `AllowCredentials` field is true and `AllowMethods` field
+	// When the request is credentialed, the gateway must not specify the `*`
+	// wildcard in the `Access-Control-Allow-Methods` response header. When
+	// also the `AllowCredentials` field is true and `AllowMethods` field
 	// specified with the `*` wildcard, the gateway must specify one HTTP method
 	// in the value of the Access-Control-Allow-Methods response header. The
 	// value of the header `Access-Control-Allow-Methods` is same as the
 	// `Access-Control-Request-Method` header provided by the client. If the
 	// header `Access-Control-Request-Method` is not included in the request,
 	// the gateway will omit the `Access-Control-Allow-Methods` response header,
-	// instead of specifying the `*` wildcard. A Gateway implementation may
-	// choose to add implementation-specific default methods.
+	// instead of specifying the `*` wildcard.
+	//
+	// A Gateway implementation may choose to add implementation-specific
+	// default methods.
 	//
 	// Support: Extended
 	//
@@ -1495,15 +1498,19 @@ type HTTPCORSFilter struct {
 	// The `Access-Control-Allow-Headers` response header can only use `*`
 	// wildcard as value when the `AllowCredentials` field is false or omitted.
 	//
-	// When the `AllowCredentials` field is true and `AllowHeaders` field
+	// When the request is credentialed, the gateway must not specify the `*`
+	// wildcard in the `Access-Control-Allow-Headers` response header. When
+	// also the `AllowCredentials` field is true and `AllowHeaders` field
 	// specified with the `*` wildcard, the gateway must specify one or more
 	// HTTP headers in the value of the `Access-Control-Allow-Headers` response
 	// header. The value of the header `Access-Control-Allow-Headers` is same as
 	// the `Access-Control-Request-Headers` header provided by the client. If
 	// the header `Access-Control-Request-Headers` is not included in the
 	// request, the gateway will omit the `Access-Control-Allow-Headers`
-	// response header, instead of specifying the `*` wildcard. A Gateway
-	// implementation may choose to add implementation-specific default headers.
+	// response header, instead of specifying the `*` wildcard.
+	//
+	// A Gateway implementation may choose to add implementation-specific
+	// default headers.
 	//
 	// Support: Extended
 	//
@@ -1539,7 +1546,7 @@ type HTTPCORSFilter struct {
 	//
 	// A wildcard indicates that the responses with all HTTP headers are exposed
 	// to clients. The `Access-Control-Expose-Headers` response header can only
-	// use `*` wildcard as value when the `AllowCredentials` field is false or omitted.
+	// use `*` wildcard as value when the request is not credentialed.
 	//
 	// Support: Extended
 	//
diff --git a/geps/gep-1767/index.md b/geps/gep-1767/index.md
@@ -240,14 +240,13 @@ type HTTPCORSFilter struct {
     // Output:
     //   Access-Control-Allow-Origin: *
     //
-    // When the `allowCredentials` config field is true,
-    // the `allowOrigins` config field contains the "*" wildcard, and the
-    // request is credentialed, the gateway must return a 
+    // When the request is credentialed, the gateway must not specify the `*`
+    // wildcard in the `Access-Control-Allow-Origin` response header. When
+    // additionally the `AllowCredentials` field is true and `AllowOrigins`
+    // field specified with the `*` wildcard, the gateway must return a 
     // single origin in the value of the `Access-Control-Allow-Origin` 
-    // response header, instead of specifying the `*` wildcard.
-    // (The wildcard is always forbidden in response to a credentialed
-    // request irrespective of the Gateway configuration.) The value
-    // of the header `Access-Control-Allow-Origin` is same as the `Origin`
+    // response header, instead of specifying the `*` wildcard. The value 
+    // of the header `Access-Control-Allow-Origin` is same as the `Origin` 
     // header provided by the client.
     //
     // Input:
@@ -338,16 +337,16 @@ type HTTPCORSFilter struct {
     // Output:
     //   Access-Control-Allow-Methods: *
     //
-    // When the `allowCredentials` config field is true and the request is
-    // credentialed, the gateway must specify one 
+    // When the request is credentialed, the gateway must not specify the `*`
+    // wildcard in the `Access-Control-Allow-Methods` response header. When
+    // also the `AllowCredentials` field is true and `AllowMethods`
+    // field specified with the `*` wildcard, the gateway must specify one 
     // HTTP method in the value of the Access-Control-Allow-Methods response 
     // header. The value of the header `Access-Control-Allow-Methods` is same 
     // as the `Access-Control-Request-Method` header provided by the client. 
     // If the header `Access-Control-Request-Method` is not included in the 
     // request, the gateway will omit the `Access-Control-Allow-Methods` 
-    // response header, instead of specifying the `*` wildcard.
-    // (The wildcard is always forbidden in response to a credentialed
-    // request irrespective of the Gateway configuration.) A Gateway
+    // response header, instead of specifying the `*` wildcard. A Gateway
     // implementation may choose to add implementation-specific default 
     // methods.
     //
@@ -414,8 +413,10 @@ type HTTPCORSFilter struct {
     // Output:
     //   Access-Control-Allow-Headers: *
     //
-    // When the `allowHeaders` config field contains the "*" wildcard and the request
-    // is credentialed, the gateway must specify one or more
+    // When the request is credentialed, the gateway must not specify the `*`
+    // wildcard in the `Access-Control-Allow-Headers` response header. When
+    // also the `AllowCredentials` field is true and the `AllowHeaders` field
+    // is specified with the `*` wildcard, the gateway must specify one or more
     // HTTP headers in the value of the `Access-Control-Allow-Headers` response 
     // header. The value of the header `Access-Control-Allow-Headers` is same as 
     // the `Access-Control-Request-Headers` header provided by the client. If 
