From fc8344ec323b7b05fb81f29669c17684fd2c5b13 Mon Sep 17 00:00:00 2001
From: wilkinszhang <a1ex2658536235@gmail.com>
Date: Tue, 25 Feb 2025 10:28:15 +0800
Subject: [PATCH] fix: resolve CORS policy issue after header modification and
 re-routing

Related issue: https://github.com/alibaba/higress/issues/1769
---
 source/extensions/filters/http/cors/cors_filter.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source/extensions/filters/http/cors/cors_filter.cc b/source/extensions/filters/http/cors/cors_filter.cc
index 5f938a54916eb..2604451e02c05 100644
--- a/source/extensions/filters/http/cors/cors_filter.cc
+++ b/source/extensions/filters/http/cors/cors_filter.cc
@@ -175,6 +175,15 @@ Http::FilterHeadersStatus CorsFilter::encodeHeaders(Http::ResponseHeaderMap& hea
     return Http::FilterHeadersStatus::Continue;
   }
 
+  // Reinitialize CORS policy, based on current route (may have changed)
+  initializeCorsPolicies();
+
+  // Check whether the current route allows the origin
+  if (!isOriginAllowed(Http::HeaderString(latched_origin_))) {
+    config_->stats().origin_invalid_.inc();
+    return Http::FilterHeadersStatus::Continue;
+  }
+
   headers.setInline(access_control_allow_origin_handle.handle(), latched_origin_);
   if (allowCredentials()) {
     headers.setReferenceInline(access_control_allow_credentials_handle.handle(),