diff --git a/charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml b/charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml
new file mode 100644
index 00000000..3f62b7a9
--- /dev/null
+++ b/charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.httpFilter.grpcWeb }}
+# Inserts the grpcWeb filter into the http_connection mangager chain before the CORS filter
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-grpcweb
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+  workloadSelector:
+    labels:
+      {{- include "gatewaySelectorLabels" . | nindent 6 }}
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        filterChain:
+          filter:
+            name: envoy.filters.network.http_connection_manager
+            subFilter:
+              name: envoy.filters.http.cors
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        name: envoy.filters.http.grpc_web
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+{{- end }}
diff --git a/charts/kubezero-istio-gateway/values.yaml b/charts/kubezero-istio-gateway/values.yaml
index d1ad284b..410eeb26 100644
--- a/charts/kubezero-istio-gateway/values.yaml
+++ b/charts/kubezero-istio-gateway/values.yaml
@@ -44,3 +44,6 @@ hardening:
   rejectUnderscoresHeaders: true
   unescapeSlashes: true
   preserveExternalRequestId: false
+
+httpFilter:
+  grpcWeb: false
diff --git a/charts/kubezero/templates/_app.tpl b/charts/kubezero/templates/_app.tpl
index 6e461d2b..50081796 100644
--- a/charts/kubezero/templates/_app.tpl
+++ b/charts/kubezero/templates/_app.tpl
@@ -25,8 +25,7 @@ spec:
     repoURL: {{ default "https://cdn.zero-downtime.net/charts" (index .Values $name "repository") }}
     targetRevision: {{ default "HEAD" ( index .Values $name "targetRevision" ) | quote }}
     helm:
-      # add with 1.32
-      #skipTests: true
+      skipTests: true
       valuesObject:
         {{- include (print $name "-values") $ | nindent 8 }}
 
diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml
index 1c53bdb2..afd46712 100644
--- a/charts/kubezero/templates/istio-ingress.yaml
+++ b/charts/kubezero/templates/istio-ingress.yaml
@@ -98,6 +98,10 @@ proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }
 hardening:
   {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with (index .Values "istio-ingress" "httpFilter") }}
+httpFilter:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 
 {{- end }}
 
diff --git a/charts/kubezero/templates/istio-private-ingress.yaml b/charts/kubezero/templates/istio-private-ingress.yaml
index 045972b8..5ec9062a 100644
--- a/charts/kubezero/templates/istio-private-ingress.yaml
+++ b/charts/kubezero/templates/istio-private-ingress.yaml
@@ -93,6 +93,10 @@ proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProt
 hardening:
   {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with (index .Values "istio-private-ingress" "httpFilter") }}
+httpFilter:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 
 {{- end }}