CORS Plugin

cors

CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers.

Configuration

Name Type Description
allow_origins array Defines a list of origins that may access the resource. Default value [”*”].
allow_methods array Defines a list methods allowed when accessing the resource. This is used in response to a preflight request. Default value [“HEAD”, “PUT”, “PATCH”, “POST”, “DELETE”].
allow_headers array Defines a list of request headers that can be used when making the actual request. This in response to a preflight request. Default value [].
allow_credentials bool Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Default value false.
expose_headers array Defines a whitelist headers that clients are allowed to access. Default value [].
max_age number Indicates how long (in seconds) the results of a preflight request can be cached. Default value 0.