From cef073e2a1c2f6678b40f34efcf61d60bc9b79e9 Mon Sep 17 00:00:00 2001
From: "Adi (Suissa) Peleg" <adip@google.com>
Date: Fri, 22 Nov 2024 17:05:09 -0500
Subject: [PATCH] cors: refactor loop to if (#37257)

Signed-off-by: Adi Suissa-Peleg <adip@google.com>
---
 .../extensions/filters/http/cors/cors_filter.cc  | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/source/extensions/filters/http/cors/cors_filter.cc b/source/extensions/filters/http/cors/cors_filter.cc
index 49fba6d4a54e..7fb1b78bba73 100644
--- a/source/extensions/filters/http/cors/cors_filter.cc
+++ b/source/extensions/filters/http/cors/cors_filter.cc
@@ -292,17 +292,17 @@ bool CorsFilter::allowPrivateNetworkAccess() {
 }
 
 bool CorsFilter::shadowEnabled() {
-  for (const Router::CorsPolicy& policy : policies_) {
-    return policy.shadowEnabled();
-  }
-  return false;
+  // The policies_ vector is ordered from most-specific (route-entry) to the
+  // most-generic (virtual-host). This will return the most-specific
+  // shadow-enabled value (if exists).
+  return policies_.empty() ? false : policies_[0].get().shadowEnabled();
 }
 
 bool CorsFilter::enabled() {
-  for (const Router::CorsPolicy& policy : policies_) {
-    return policy.enabled();
-  }
-  return false;
+  // The policies_ vector is ordered from most-specific (route-entry) to the
+  // most-generic (virtual-host). This will return the most-specific enabled
+  // value (if exists).
+  return policies_.empty() ? false : policies_[0].get().enabled();
 }
 
 } // namespace Cors