Next line returns 200 as status https://github.com/Kong/kong/blob/c817fada7a514d84f6e0aab7461605c71bf3a841/kong/plugins/cors/handler.lua#L13

Internet says it should return 204:

• https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
• https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1#preflight-requests

Internet changed its mind since 2018 https://

On contexts with many APIs and APIs calling other APIs in chains, having too many spans in the zipkin/jaeger dashboards may lead to a too complex usage of such dashboards and of not necessary big data volumes.

For Tyk's admin team, the steps representing the time spent in each Tyk middleware are much valuable.

But the upstream APIs teams just want to know the global time spent in Tyk interna

Expected Behavior / New Feature

Support sticky sessions for ServiceDiscoveryProviders

Actual Behavior / Motivation for New Feature

When using websockets with ocelot in a distributed system, problem can arise since ocelot, as far as i know, doesn't support sticky sessions when working with service discovery providers.

The functionality could be great if it could work with both consul

Global rule is only mentioned in doc/architecture-design.md. We should add a new section in doc/admin-api.md.

Is your feature request related to a problem? Please describe.
Gloo Edge users want an easy-to-implement solution for CSRF protection of their applications.

Describe the solution you'd like
Add support for upstream CSRF filter in Gloo Edge.
https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/csrf/v2/csrf.proto
https://www.envoyproxy.io/docs/envoy/latest/start/sandb

Feature Request

Is your feature request related to a problem? Please describe

现在这个AppAuthQueryDTO放到query包下面了

Describe the solution you'd like

和其他地方保持一致, 建议去掉然后直接使用AppAuthQuery

If not for some particular exceptions, the status code returned from our WebAPI on error is always 500, regardless of the kind of error.

If an object already exists, for example, it should be returned as 409. If the object does not pass the schema validation, it should be a 415.

Go through the whole WebAPI and verify that the status codes are being returned correctly.

Hint: Error cl

Describe the bug

Hi there! 👋

I'm adding an origin of this form http://foo.s3-website-eu-west-1.amazonaws.com.

As other issues revealed those kind of origins are not an S3OriginConfig but a CustomOriginConfig.

So it might help to exclude these kind of origins, o

sls invoke is useful for testing our API one request at a time.

It would be nice to spin up a local version of the API on localhost to enable us to develop our frontend apps against it, and to more easily run integration and E2E tests.