CorsRule interface
CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.
Properties
allowed |
The request headers that the origin domain may specify on the CORS request. |
allowed |
The methods (HTTP request verbs) that the origin domain may use for a CORS request. (comma separated) |
allowed |
The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. Note that the origin must be an exact case-sensitive match with the origin that the user age sends to the service. You can also use the wildcard character '*' to allow all origin domains to make requests via CORS. |
exposed |
The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. |
max |
The maximum amount time that a browser should cache the preflight OPTIONS request. |
Property Details
allowedHeaders
The request headers that the origin domain may specify on the CORS request.
allowedHeaders: string
Property Value
string
allowedMethods
The methods (HTTP request verbs) that the origin domain may use for a CORS request. (comma separated)
allowedMethods: string
Property Value
string
allowedOrigins
The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. Note that the origin must be an exact case-sensitive match with the origin that the user age sends to the service. You can also use the wildcard character '*' to allow all origin domains to make requests via CORS.
allowedOrigins: string
Property Value
string
exposedHeaders
The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.
exposedHeaders: string
Property Value
string
maxAgeInSeconds
The maximum amount time that a browser should cache the preflight OPTIONS request.
maxAgeInSeconds: number
Property Value
number