corsSupport


Cross-origin resource sharing (CORS) allows web pages in one domain to access restricted resources from your domain. Specify external origin hostnames, methods, and headers that you want to accept via HTTP response headers. Full support of CORS requires allowing requests that use the OPTIONS method. See allow‚ÄčOptions.

OptionTypeDescriptionRequires
enabledboolean

Enables CORS feature.

{"displayType":"boolean","tag":"input","type":"checkbox"}
allow‚ÄčOriginsenum

In responses to preflight requests, sets which origin hostnames to accept requests from.

{"displayType":"enum","options":["ANY","SPECIFIED"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
ANY

Accept from any origin hostname.

SPECIFIED

Accept from a set of origin hostnames.

originsstring array

Defines the origin hostnames to accept requests from. The hostnames that you enter need to start with http or https. For detailed hostname syntax requirements, refer to RFC-952 and RFC-1123 specifications.

allow‚ÄčOrigins is SPECIFIED
{"displayType":"string array","tag":"input","todo":true}
{"if":{"attribute":"allowOrigins","op":"eq","value":"SPECIFIED"}}
allow‚ÄčCredentialsboolean

Accepts requests made using credentials, like cookies or TLS client certificates.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
allow‚ÄčHeadersenum

In responses to preflight requests, defines which headers to allow when making the actual request.

{"displayType":"enum","options":["ANY","SPECIFIED"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
ANY

Allow any headers.

SPECIFIED

Allow a specific set of headers.

headersstring array

Defines the supported request headers.

allow‚ÄčHeaders is SPECIFIED
{"displayType":"string array","tag":"input","todo":true}
{"if":{"attribute":"allowHeaders","op":"eq","value":"SPECIFIED"}}
methodsstring array

Specifies any combination of the following methods: DELETE, GET, PATCH, POST, and PUT that are allowed when accessing the resource from an external domain.

{"displayType":"string array","options":["GET","POST","DELETE","PUT","PATCH"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
expose‚ÄčHeadersstring array (allows¬†variables)

In responses to preflight requests, lists names of headers that clients can access. By default, clients can access the following simple response headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma. You can add other header names to make them accessible to clients.

{"displayType":"string array","tag":"input","todo":true}
{"if":{"attribute":"enabled","op":"eq","value":true}}
preflight‚ÄčMax‚ÄčAgestring (duration)

Defines the number of seconds that the browser should cache the response to a preflight request.

{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"enabled","op":"eq","value":true}}