To protect my API I want to filter requests going to an API by the values in the Origin header.

(I understand this can’t be spoofed in a browser)

I thought that it was pretty simple and there must be a Kong plugin for that

I have checked through all the plugins and I can’t find one. Can anyone point me in the right direction?
Thanks
Robert

You can use the CORS plugin to disallow any traffic that doesn’t your Origins policy.

Hi @Robert_Metcalf! Besides the security concerns, you can write a plugin to do that, very easy. Take a look at my Github, I have something similar (abandoned): https://github.com/kayaman/kong-plugin-x-country
It would be a pleasure to help, if you need.