Cross-Origin Resource Sharing (cors)

Configuration for the Cross-Origin Resource Sharing (CORS).

NameTypeDefaultDescription

allowCredentials

boolean

A boolean that indicates if the user credentials can be included in the request.

allowedHeaders

string

A comma-separated list of HTTP headers that are allowed to be used by the origin domain when making requests to the configured domain. If this is set to "*", it indicates the request can include any HTTP headers.

allowedMethods

string

A comma-separated list of HTTP methods allowed to be used by the origin domain when making requests to the configured domain.

allowedOrigins

string

null

A comma-separated list of origins that are allowed to access the configured domain. If this is set to "*", it indicates the resource is publicly accessible, with no access control checks. Also, the value of "null" indicates the domain must not be accessible.

domain

string

The domain name represents the URL being setup with these CORS settings.

exposeHeaders

string

A comma-separated list of HTTP headers that are safe to expose to the calling API.

id

string

A unique configuration ID.

maxAge

long

A long that indicates how many seconds a response to a preflight request can be cached in the browser.