The reverse proxy can support cross-origin resource sharing with CORS aware clients.
Each defined policy must at a minimum contain:
This entry is an array and can be used to specify multiple CORS policies.
|name||string||The name which is associated with this CORS policy.|
|host||string||The host (obtained from the host header in the request) for which this CORS policy will be applied. If no host header is specified all hosts will be matched.|
|paths||Array of string||The paths for which this CORS policy will be applied. This entry is an array and can be used to specify multiple paths.|
|method||string||The HTTP method for which this CORS policy will be applied.|
The definition of the CORS policy.
|allow_origins||Array of string||A list of origins which are permitted to make cross-origin requests. To allow cross-origin requests from any origin, add a single entry |
|The reverse proxy can respond to pre-flight requests using the information from this policy. If set to false, pre-flight requests will be forwarded to the protected application.|
|allow_headers||Array of string||Headers that are indicated as allowed in responses to pre-flight requests. Specifying no allow_header entries will indicate to clients that all headers are permitted. Not case-sensitive. Only valid if handle_pre_flight is set to true.|
|Maximum time (in seconds) a client should cache the results of a pre-flight request. A value of -1 indicates to clients that they should not cache, 0 indicates that clients may cache at their own discretion. Only valid if handle_pre_flight is set to true.|
|allow_methods||Array of string||Methods that are indicated as allowed in responses to pre-flight requests. Specifying no allow_method entries will indicate to clients that all methods are permitted. Case-sensitive. Only valid if handle_pre_flight is set to true.|
|Indicates to clients that authentication is required when accessing this resource.|
|expose_headers||Array of string||Indicates to clients which headers they expose from the response.|
policies: cors: - name: cors_policy_A host: www.test.com paths: - "/test" - "/development" method: GET policy: allow_origins: - www.test.com - www.example.com handle_pre_flight: true allow_headers: - test_header - test_header2 max_age: 600 allow_methods: - update - create allow_credentials: true expose_headers: - test_header - test_header2
Updated over 1 year ago