kubernetes-sigs
diff --git a/‎apis/v1/httproute_types.go‎
Lines changed: 77 additions & 203 deletions b/‎apis/v1/httproute_types.go‎
Lines changed: 77 additions & 203 deletions
@@ -1303,49 +1303,40 @@ type HTTPRequestMirrorFilter struct {
 // HTTPCORSFilter defines a filter that that configures Cross-Origin Request
 // Sharing (CORS).
 type HTTPCORSFilter struct {
-	// AllowOrigins indicates whether the response can be shared with
-	// requested resource from the given `Origin`.
+	// AllowOrigins indicates whether the response can be shared with requested
+	// resource from the given `Origin`.
 	//
-	// The `Origin` consists of a scheme and a host, with an optional
-	// port, and takes the form `<scheme>://<host>(:<port>)`.
+	// The `Origin` consists of a scheme and a host, with an optional port, and
+	// takes the form `<scheme>://<host>(:<port>)`.
 	//
 	// Valid values for scheme are: `http` and `https`.
 	//
-	// Valid values for port are any integer between 1 and 65535
-	// (the list of available TCP/UDP ports). Note that, if not included,
-	// port `80` is assumed for `http` scheme origins, and port `443`
-	// is assumed for `https` origins. This may affect origin matching.
+	// Valid values for port are any integer between 1 and 65535 (the list of
+	// available TCP/UDP ports). Note that, if not included, port `80` is
+	// assumed for `http` scheme origins, and port `443` is assumed for `https`
+	// origins. This may affect origin matching.
 	//
-	// The host part of the origin may contain the wildcard character `*`.
-	// These wildcard characters behave as follows:
+	// The host part of the origin may contain the wildcard character `*`. These
+	// wildcard characters behave as follows:
 	//
 	// * `*` is a greedy match to the _left_, including any number of
 	//   DNS labels to the left of its position. This also means that
 	//   `*` will include any number of period `.` characters to the
 	//   left of its position.
 	// * A wildcard by itself matches all hosts.
 	//
-	// An origin value that includes _only_ the `*` character
-	// indicates requests from all `Origin`s are allowed.
+	// An origin value that includes _only_ the `*` character indicates requests
+	// from all `Origin`s are allowed.
 	//
-	// When the `AllowOrigins` field is configured with multiple
-	// origins, it means the server supports clients from multiple
-	// origins. If the request `Origin` matches the configured
-	// allowed origins, the gateway must return the given `Origin`
-	// and sets value of the header `Access-Control-Allow-Origin`
-	// same as the `Origin` header provided by the client.
+	// When the `AllowOrigins` field is configured with multiple origins, it
+	// means the server supports clients from multiple origins. If the request
+	// `Origin` matches the configured allowed origins, the gateway must return
+	// the given `Origin` and sets value of the header
+	// `Access-Control-Allow-Origin` same as the `Origin` header provided by the
+	// client.
 	//
-	// The status code of a successful response to a "preflight"
-	// request is always an OK status (i.e., 204 or 200).
-	//
-	// Input:
-	//   Origin: https://foo.example
-	//
-	// Config:
-	//   allowOrigins: ["https://foo.example", "http://foo.example", "https://test.example", "http://test.example"]
-	//
-	// Output:
-	//   Access-Control-Allow-Origin: https://foo.example
+	// The status code of a successful response to a "preflight" request is
+	// always an OK status (i.e., 204 or 200).
 	//
 	// If the request `Origin` does not match the configured allowed origins,
 	// the gateway returns 204/200 response but doesn't set the relevant
@@ -1354,76 +1345,38 @@ type HTTPCORSFilter struct {
 	// the CORS headers. The cross-origin request fails on the client side.
 	// Therefore, the client doesn't attempt the actual cross-origin request.
 	//
-	// Input:
-	//   Origin: https://foo.example
-	//
-	// Config:
-	//   allowOrigins: ["https://test.example", "http://test.example"]
-	//
-	// Output:
-	//
 	// The `Access-Control-Allow-Origin` response header can only use `*`
 	// wildcard as value when the `AllowCredentials` field is unspecified.
 	//
-	// Input:
-	//   Origin: https://foo.example
-	//
-	// Config:
-	//   allowOrigins: ["*"]
-	//
-	// Output:
-	//   Access-Control-Allow-Origin: *
-	//
-	// When the `AllowCredentials` field is specified and `AllowOrigins`
-	// field specified with the `*` wildcard, the gateway must return a
-	// single origin in the value of the `Access-Control-Allow-Origin`
-	// response header, instead of specifying the `*` wildcard. The value
-	// of the header `Access-Control-Allow-Origin` is same as the `Origin`
-	// header provided by the client.
-	//
-	// Input:
-	//   Origin: https://foo.example
-	//
-	// Config:
-	//   allowOrigins: ["*"]
-	//   allowCredentials: true
-	//
-	// Output:
-	//   Access-Control-Allow-Origin: https://foo.example
-	//   Access-Control-Allow-Credentials: true
+	// When the `AllowCredentials` field is specified and `AllowOrigins` field
+	// specified with the `*` wildcard, the gateway must return a single origin
+	// in the value of the `Access-Control-Allow-Origin` response header,
+	// instead of specifying the `*` wildcard. The value of the header
+	// `Access-Control-Allow-Origin` is same as the `Origin` header provided by
+	// the client.
 	//
 	// Support: Extended
 	// +listType=set
 	// +kubebuilder:validation:MaxItems=64
 	AllowOrigins []AbsoluteURI `json:"allowOrigins,omitempty"`
 
-	// AllowCredentials indicates whether the actual cross-origin request
-	// allows to include credentials.
+	// AllowCredentials indicates whether the actual cross-origin request allows
+	// to include credentials.
 	//
-	// The only valid value for the `Access-Control-Allow-Credentials`
-	// response header is true (case-sensitive).
+	// The only valid value for the `Access-Control-Allow-Credentials` response
+	// header is true (case-sensitive).
 	//
-	// Input:
-	//   Origin: https://foo.example
-	//
-	// Config:
-	//   allowCredentials: true
-	//
-	// Output:
-	//   Access-Control-Allow-Origin: https://foo.example
-	//   Access-Control-Allow-Credentials: true
-	//
-	// If the credentials are not allowed in cross-origin requests,
-	// the gateway will omit the header `Access-Control-Allow-Credentials`
-	// entirely rather than setting its value to false.
+	// If the credentials are not allowed in cross-origin requests, the gateway
+	// will omit the header `Access-Control-Allow-Credentials` entirely rather
+	// than setting its value to false.
 	//
 	// Support: Extended
 	//
 	// +optional
 	AllowCredentials *LowercaseTrue `json:"allowCredentials,omitempty"`
 
-	// AllowMethods indicates which HTTP methods are supported
-	// for accessing the requested resource.
+	// AllowMethods indicates which HTTP methods are supported for accessing the
+	// requested resource.
 	//
 	// Valid values are any method defined by RFC9110, along with the special
 	// value `*`, which represents all HTTP methods are allowed.
@@ -1435,130 +1388,72 @@ type HTTPCORSFilter struct {
 	// response header are separated by a comma (",").
 	//
 	// A CORS-safelisted method is a method that is `GET`, `HEAD`, or `POST`.
-	// (See https://fetch.spec.whatwg.org/#cors-safelisted-method)
-	// The CORS-safelisted methods are always allowed, regardless of whether
-	// they are specified in the `AllowMethods` field.
+	// (See https://fetch.spec.whatwg.org/#cors-safelisted-method) The
+	// CORS-safelisted methods are always allowed, regardless of whether they
+	// are specified in the `AllowMethods` field.
 	//
-	// When the `AllowMethods` field is configured with one or more methods,
-	// the gateway must return the `Access-Control-Allow-Methods` response
-	// header which value is present in the `AllowMethods` field.
+	// When the `AllowMethods` field is configured with one or more methods, the
+	// gateway must return the `Access-Control-Allow-Methods` response header
+	// which value is present in the `AllowMethods` field.
 	//
 	// If the HTTP method of the `Access-Control-Request-Method` request header
 	// is not included in the list of methods specified by the response header
 	// `Access-Control-Allow-Methods`, it will present an error on the client
 	// side.
 	//
-	// Input:
-	//   Access-Control-Request-Method: PUT
-	//
-	// Config:
-	//   allowMethods: ["GET", "POST", "DELETE", "PATCH", "OPTIONS"]
-	//
-	// Output:
-	//   Access-Control-Allow-Methods: GET, POST, DELETE, PATCH, OPTIONS
-	//
 	// The `Access-Control-Allow-Methods` response header can only use `*`
 	// wildcard as value when the `AllowCredentials` field is unspecified.
 	//
-	// Input:
-	//   Access-Control-Request-Method: PUT
-	//
-	// Config:
-	//   allowMethods: ["*"]
-	//
-	// Output:
-	//   Access-Control-Allow-Methods: *
-	//
-	// When the `AllowCredentials` field is specified and `AllowMethods`
-	// field specified with the `*` wildcard, the gateway must specify one
-	// HTTP method in the value of the Access-Control-Allow-Methods response
-	// header. The value of the header `Access-Control-Allow-Methods` is same
-	// as the `Access-Control-Request-Method` header provided by the client.
-	// If the header `Access-Control-Request-Method` is not included in the
-	// request, the gateway will omit the `Access-Control-Allow-Methods`
-	// response header, instead of specifying the `*` wildcard. A Gateway
-	// implementation may choose to add implementation-specific default
-	// methods.
-	//
-	// Input:
-	//   Access-Control-Request-Method: PUT
-	//
-	// Config:
-	//   allowMethods: ["*"]
-	//   allowCredentials: true
-	//
-	// Output:
-	//   Access-Control-Allow-Methods: PUT
-	//   Access-Control-Allow-Credentials: true
+	// When the `AllowCredentials` field is specified and `AllowMethods` field
+	// specified with the `*` wildcard, the gateway must specify one HTTP method
+	// in the value of the Access-Control-Allow-Methods response header. The
+	// value of the header `Access-Control-Allow-Methods` is same as the
+	// `Access-Control-Request-Method` header provided by the client. If the
+	// header `Access-Control-Request-Method` is not included in the request,
+	// the gateway will omit the `Access-Control-Allow-Methods` response header,
+	// instead of specifying the `*` wildcard. A Gateway implementation may
+	// choose to add implementation-specific default methods.
 	//
 	// Support: Extended
 	//
 	// +listType=set
 	// +kubebuilder:validation:MaxItems=9
-	// +kubebuilder:validation:UniqueItems=true
 	AllowMethods []HTTPMethodWithWildcard `json:"allowMethods,omitempty"`
 
-	// AllowHeaders indicates which HTTP request headers are supported
-	// for accessing the requested resource.
+	// AllowHeaders indicates which HTTP request headers are supported for
+	// accessing the requested resource.
 	//
 	// Header names are not case sensitive.
 	//
 	// Multiple header names in the value of the `Access-Control-Allow-Headers`
 	// response header are separated by a comma (",").
 	//
-	// When the `AllowHeaders` field is configured with one or more headers,
-	// the gateway must return the `Access-Control-Allow-Headers` response
-	// header which value is present in the `AllowHeaders` field.
+	// When the `AllowHeaders` field is configured with one or more headers, the
+	// gateway must return the `Access-Control-Allow-Headers` response header
+	// which value is present in the `AllowHeaders` field.
 	//
 	// If any header name in the `Access-Control-Request-Headers` request header
-	// is not included in the list of header names specified by the response header
-	// `Access-Control-Allow-Headers`, it will present an error on the client side.
+	// is not included in the list of header names specified by the response
+	// header `Access-Control-Allow-Headers`, it will present an error on the
+	// client side.
 	//
-	// If any header name in the `Access-Control-Allow-Headers` response header does
-	// not recognize by the client, it will also occur an error on the client side.
-	//
-	// Input:
-	//   Access-Control-Request-Headers: Cache-Control, Content-Type
-	//
-	// Config:
-	//   allowHeaders: ["DNT", "Keep-Alive", "User-Agent", "X-Requested-With", "If-Modified-Since", "Cache-Control", "Content-Type", "Range", "Authorization"]
-	//
-	// Output:
-	//   Access-Control-Allow-Headers: DNT, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range, Authorization
+	// If any header name in the `Access-Control-Allow-Headers` response header
+	// does not recognize by the client, it will also occur an error on the
+	// client side.
 	//
 	// A wildcard indicates that the requests with all HTTP headers are allowed.
-	// The `Access-Control-Allow-Headers` response header can only use `*` wildcard
-	// as value when the `AllowCredentials` field is unspecified.
-	//
-	// Input:
-	//   Access-Control-Request-Headers: Content-Type, Cache-Control
-	//
-	// Config:
-	//   allowHeaders: ["*"]
-	//
-	// Output:
-	//   Access-Control-Allow-Headers: *
+	// The `Access-Control-Allow-Headers` response header can only use `*`
+	// wildcard as value when the `AllowCredentials` field is unspecified.
 	//
 	// When the `AllowCredentials` field is specified and `AllowHeaders` field
 	// specified with the `*` wildcard, the gateway must specify one or more
 	// HTTP headers in the value of the `Access-Control-Allow-Headers` response
 	// header. The value of the header `Access-Control-Allow-Headers` is same as
 	// the `Access-Control-Request-Headers` header provided by the client. If
-	// the header `Access-Control-Request-Headers` is not included in the request,
-	// the gateway will omit the `Access-Control-Allow-Headers` response header,
-	// instead of specifying the `*` wildcard. A Gateway implementation may choose
-	// to add implementation-specific default headers.
-	//
-	// Input:
-	//   Access-Control-Request-Headers: Content-Type, Cache-Control
-	//
-	// Config:
-	//   allowHeaders: ["*"]
-	//   allowCredentials: true
-	//
-	// Output:
-	//   Access-Control-Allow-Headers: Content-Type, Cache-Control
-	//   Access-Control-Allow-Credentials: true
+	// the header `Access-Control-Request-Headers` is not included in the
+	// request, the gateway will omit the `Access-Control-Allow-Headers`
+	// response header, instead of specifying the `*` wildcard. A Gateway
+	// implementation may choose to add implementation-specific default headers.
 	//
 	// Support: Extended
 	//
@@ -1582,29 +1477,19 @@ type HTTPCORSFilter struct {
 	// (See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name)
 	// The CORS-safelisted response headers are exposed to client by default.
 	//
-	// When an HTTP header name is specified using the `ExposeHeaders` field, this
-	// additional header will be exposed as part of the response to the client.
+	// When an HTTP header name is specified using the `ExposeHeaders` field,
+	// this additional header will be exposed as part of the response to the
+	// client.
 	//
 	// Header names are not case sensitive.
 	//
 	// Multiple header names in the value of the `Access-Control-Expose-Headers`
 	// response header are separated by a comma (",").
 	//
-	// Config:
-	//   exposeHeaders: ["Content-Security-Policy", "Content-Encoding"]
-	//
-	// Output:
-	//   Access-Control-Expose-Headers: Content-Security-Policy, Content-Encoding
-	//
 	// A wildcard indicates that the responses with all HTTP headers are exposed
-	// to clients. The `Access-Control-Expose-Headers` response header can only use
-	// `*` wildcard as value when the `AllowCredentials` field is unspecified.
-	//
-	// Config:
-	//   exposeHeaders: ["*"]
-	//
-	// Output:
-	//   Access-Control-Expose-Headers: *
+	// to clients. The `Access-Control-Expose-Headers` response header can only
+	// use `*` wildcard as value when the `AllowCredentials` field is
+	// unspecified.
 	//
 	// Support: Extended
 	//
@@ -1613,26 +1498,15 @@ type HTTPCORSFilter struct {
 	// +kubebuilder:validation:MaxItems=64
 	ExposeHeaders []HTTPHeaderName `json:"exposeHeaders,omitempty"`
 
-	// MaxAge indicates the duration (in seconds) for the client to cache
-	// the results of a "preflight" request.
+	// MaxAge indicates the duration (in seconds) for the client to cache the
+	// results of a "preflight" request.
 	//
 	// The information provided by the `Access-Control-Allow-Methods` and
 	// `Access-Control-Allow-Headers` response headers can be cached by the
 	// client until the time specified by `Access-Control-Max-Age` elapses.
 	//
-	// The default value of `Access-Control-Max-Age` response header is
-	// 5 (seconds).
-	//
-	// When the `MaxAge` field is unspecified, the gateway sets the response
-	// header "Access-Control-Max-Age: 5" by default.
-	//
-	// Config:
-	//   maxAge: 1728000
-	//
-	// Output:
-	//   Access-Control-Max-Age: 1728000
-	//
-	// Support: Extended
+	// The default value of `Access-Control-Max-Age` response header is 5
+	// (seconds).
 	//
 	// +optional
 	// +kubebuilder:default=5