CORS Policy
Property | Cors (object) |
---|---|
additionalProperties | false |
properties | access-control-allow-credentials , access-control-allow-headers , access-control-allow-methods , access-control-allow-origins , access-control-expose-headers , access-control-max-age |
optional | access-control-allow-credentials , access-control-allow-headers , access-control-allow-methods , access-control-expose-headers , access-control-max-age |
Defines the Cross-Origin Resource Sharing (CORS) policy configured for this API.
access-control-allow-credentials
Property | access-control-allow-credentials (boolean) |
---|---|
Controls the HTTP Access-Control-Allow-Credentials response header, which tells browsers whether the server allows credentials to be included in cross-origin HTTP requests.
access-control-allow-headers
Property | access-control-allow-headers (array) |
---|---|
Array Item | string |
Controls the HTTP Access-Control-Allow-Headers response header, which is used in response to a preflight request to indicate the HTTP headers that can be used during the actual request. This header is required if the preflight request contains Access-Control-Request-Headers.
access-control-allow-methods
Property | access-control-allow-methods (array) |
---|---|
Array Item | string |
Controls the HTTP Access-Control-Allow-Methods response header, which specifies one or more HTTP request methods allowed when accessing a resource in response to a preflight request.
access-control-allow-origins
Property | access-control-allow-origins (array) |
---|---|
Array Item | string |
Controls the HTTP Access-Control-Allow-Origin response header, which indicates whether the response can be shared with requesting code from the given origin.
access-control-expose-headers
Property | access-control-expose-headers (array) |
---|---|
Array Item | string |
Controls the HTTP Access-Control-Expose-Headers response header, which allows a server to indicate which response headers should be made available to scripts running in the browser in response to a cross-origin request.
access-control-max-age
Property | access-control-max-age (integer) |
---|---|
$ref | delta-seconds |
Controls the HTTP Access-Control-Max-Age response header, which indicates how long the results of a preflight request (that is, the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
delta-seconds
Property | access-control-max-age (integer) |
---|---|
minimum | 0 |
Maximum number of seconds for which the results can be cached, expressed as a non-negative integer. Firefox caps this at 24 hours (86400 seconds). Chromium (prior to v76) caps at 10 minutes (600 seconds). Chromium (starting in v76) caps at 2 hours (7200 seconds). The default value is 5 seconds.
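A pre-deployment lint for a policy object, following the schema above (closed property set, access-control-allow-origins as the only non-optional property, max-age minimum of 0). This is an added example, not code from the product: the function name validate_cors_policy, the sample policies, and the assumption that "*" may appear as an origin entry are hypothetical.

```python
ARRAY_PROPS = {
    "access-control-allow-headers", "access-control-allow-methods",
    "access-control-allow-origins", "access-control-expose-headers",
}
ALLOWED = ARRAY_PROPS | {"access-control-allow-credentials", "access-control-max-age"}
MAX_BROWSER_CAP = 86400  # Firefox's 24-hour cap, the largest cap listed above


def validate_cors_policy(policy):
    """Return (errors, warnings) for a CORS policy dict."""
    errors, warnings = [], []
    # additionalProperties is false: unknown keys are rejected.
    for key in sorted(set(policy) - ALLOWED):
        errors.append(f"unknown property: {key}")
    # access-control-allow-origins is the only non-optional property.
    if "access-control-allow-origins" not in policy:
        errors.append("missing required property: access-control-allow-origins")
    for key in sorted(ARRAY_PROPS & set(policy)):
        value = policy[key]
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            errors.append(f"{key} must be an array of strings")
    creds = policy.get("access-control-allow-credentials", False)
    if not isinstance(creds, bool):
        errors.append("access-control-allow-credentials must be a boolean")
    age = policy.get("access-control-max-age")
    if age is not None:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(age, bool) or not isinstance(age, int) or age < 0:
            errors.append("access-control-max-age must be an integer >= 0")
        elif age > MAX_BROWSER_CAP:
            warnings.append(f"access-control-max-age {age} exceeds the listed browser caps")
    origins = policy.get("access-control-allow-origins")
    if creds is True and isinstance(origins, list) and "*" in origins:
        # Browsers refuse credentialed responses whose allowed origin is "*".
        warnings.append("wildcard origin combined with allow-credentials")
    return errors, warnings


# Constructed sample policies (not taken from the product documentation).
GOOD = {"access-control-allow-origins": ["https://app.example.com"],
        "access-control-allow-credentials": True,
        "access-control-max-age": 600}
BAD = {"access-control-allow-origins": ["*"],
       "access-control-allow-credentials": True,
       "access-control-max-age": -1,
       "access-control-allow-method": ["GET"]}  # misspelled key
```

Calling validate_cors_policy(BAD) reports the misspelled key and the negative max-age as errors, and the wildcard-with-credentials combination as a warning.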