docs: update godoc for new AllowCredentials

shaneutt · k8s-ci-robot · commit 8d0a08793346 · 2025-07-10T07:35:34.000-07:00
Signed-off-by: Shane Utt &lt;shaneutt@linux.com&gt;
diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go
@@ -1344,9 +1344,9 @@ type HTTPCORSFilter struct {
 	// Therefore, the client doesn't attempt the actual cross-origin request.
 	//
 	// The `Access-Control-Allow-Origin` response header can only use `*`
-	// wildcard as value when the `AllowCredentials` field is unspecified.
+	// wildcard as value when the `AllowCredentials` field is false or omitted.
 	//
-	// When the `AllowCredentials` field is specified and `AllowOrigins` field
+	// When the `AllowCredentials` field is true and `AllowOrigins` field
 	// specified with the `*` wildcard, the gateway must return a single origin
 	// in the value of the `Access-Control-Allow-Origin` response header,
 	// instead of specifying the `*` wildcard. The value of the header
@@ -1361,12 +1361,12 @@ type HTTPCORSFilter struct {
 	// AllowCredentials indicates whether the actual cross-origin request allows
 	// to include credentials.
 	//
-	// The only valid value for the `Access-Control-Allow-Credentials` response
-	// header is true (case-sensitive).
+	// When set to true, the gateway will include the `Access-Control-Allow-Credentials`
+	// response header with value true (case-sensitive).
 	//
-	// If the credentials are not allowed in cross-origin requests, the gateway
-	// will omit the header `Access-Control-Allow-Credentials` entirely rather
-	// than setting its value to false.
+	// When set to false or omitted the gateway will omit the header
+	// `Access-Control-Allow-Credentials` entirely (this is the standard CORS
+	// behavior).
 	//
 	// Support: Extended
 	//
@@ -1400,9 +1400,9 @@ type HTTPCORSFilter struct {
 	// side.
 	//
 	// The `Access-Control-Allow-Methods` response header can only use `*`
-	// wildcard as value when the `AllowCredentials` field is unspecified.
+	// wildcard as value when the `AllowCredentials` field is false or omitted.
 	//
-	// When the `AllowCredentials` field is specified and `AllowMethods` field
+	// When the `AllowCredentials` field is true and `AllowMethods` field
 	// specified with the `*` wildcard, the gateway must specify one HTTP method
 	// in the value of the Access-Control-Allow-Methods response header. The
 	// value of the header `Access-Control-Allow-Methods` is same as the
@@ -1442,9 +1442,9 @@ type HTTPCORSFilter struct {
 	//
 	// A wildcard indicates that the requests with all HTTP headers are allowed.
 	// The `Access-Control-Allow-Headers` response header can only use `*`
-	// wildcard as value when the `AllowCredentials` field is unspecified.
+	// wildcard as value when the `AllowCredentials` field is false or omitted.
 	//
-	// When the `AllowCredentials` field is specified and `AllowHeaders` field
+	// When the `AllowCredentials` field is true and `AllowHeaders` field
 	// specified with the `*` wildcard, the gateway must specify one or more
 	// HTTP headers in the value of the `Access-Control-Allow-Headers` response
 	// header. The value of the header `Access-Control-Allow-Headers` is same as
@@ -1487,8 +1487,7 @@ type HTTPCORSFilter struct {
 	//
 	// A wildcard indicates that the responses with all HTTP headers are exposed
 	// to clients. The `Access-Control-Expose-Headers` response header can only
-	// use `*` wildcard as value when the `AllowCredentials` field is
-	// unspecified.
+	// use `*` wildcard as value when the `AllowCredentials` field is false or omitted.
 	//
 	// Support: Extended
 	//
