CONFIGURING

CORS JSON configuration

Configure CORS by editing the cors-rules.json file that you created.

The JSON file must contain a single JSON object with two properties:

version {string}Must be equal to "1.0".

rules {array<object>}Must be an array of valid CORS rules.

The syntax of a rule object is defined as follows:

resource {object} (Required)

Describes how to match this rule with a request URL. Supports the following properties:


allowOrigins {string | array<string>} (Required)

Specifies the list of allowed origins for this resource. Specify an array of strings where each element is an allowed origin host name, for example, "http://this.example.com". Only an origin that exactly matches one of these elements is allowed. For example, specify"http://this.example.com", "https://this.example.com", and"http://this.example.com:8080" to allow access through all of these URLs.

A value of "*" allows any origin. Its use is not recommended.

allowMethods {array<string>} (Required)

Specifies the list of allowed methods for this resource and origin. See Access-Control-Allow-Methods in the W3C Recommendation on Cross-Original Resource Sharing recommendation.

allowCredentials {boolean} (Optional)

When true, the CORS filter allows credentials for this resource and origin. See Access-Control-Allow-Credentials in the W3C Recommendation on Cross-Original Resource Sharing.

exposeHeaders {array<string>} (Optional)

Specifies the list of response headers to expose to XHR clients. This property causes the CORS filter to add an Access-Control-Expose-Headers header to responses to actual (not pre-flight) requests. Ultimately, the browser is responsible for exposing the headers to the XHR client. See Access-Control-Expose-Headers in the W3C Recommendation on Cross-Original Resource Sharing.

Related information