- Property Manager name: CORS Protocol Support
- Behavior version: The
v2024-10-21
rule format supports thecors_support
behavior v1.0. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
Cross-origin resource sharing (CORS) allows web pages in one domain to access restricted resources from your domain. Specify external origin hostnames, methods, and headers that you want to accept via HTTP response headers. Full support of CORS requires allowing requests that use the OPTIONS method. See allow_options
.
Option | Type | Description | Requires | |
---|---|---|---|---|
enabled | boolean | Enables CORS feature. | {"displayType":"boolean","tag":"input","type":"checkbox"} | |
allow_origins | enum | In responses to preflight requests, sets which origin hostnames to accept requests from. | {"displayType":"enum","options":["ANY","SPECIFIED"],"tag":"select"} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
ANY | Accept from any origin hostname. | |||
SPECIFIED | Accept from a set of origin hostnames. | |||
origins | string array | Defines the origin hostnames to accept requests from. The hostnames that you enter need to start with | allow_origins is SPECIFIED | {"displayType":"string array","tag":"input","todo":true} {"if":{"attribute":"allowOrigins","op":"eq","value":"SPECIFIED"}} |
allow_credentials | boolean | Accepts requests made using credentials, like cookies or TLS client certificates. | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
allow_headers | enum | In responses to preflight requests, defines which headers to allow when making the actual request. | {"displayType":"enum","options":["ANY","SPECIFIED"],"tag":"select"} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
ANY | Allow any headers. | |||
SPECIFIED | Allow a specific set of headers. | |||
headers | string array | Defines the supported request headers. | allow_headers is SPECIFIED | {"displayType":"string array","tag":"input","todo":true} {"if":{"attribute":"allowHeaders","op":"eq","value":"SPECIFIED"}} |
methods | string array | Specifies any combination of the following methods: | {"displayType":"string array","options":["GET","POST","DELETE","PUT","PATCH"],"tag":"select"} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
expose_headers | string array (allows variables) | In responses to preflight requests, lists names of headers that clients can access. By default, clients can access the following simple response headers: | {"displayType":"string array","tag":"input","todo":true} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
preflight_max_age | string (duration) | Defines the number of seconds that the browser should cache the response to a preflight request. | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"enabled","op":"eq","value":true}} |