Server configuration: Cors element
In a config.xmlserver configuration file, the <Cors> element contains configuration properties for CORS configurations. This element has <CorsConfig> and <Rule> child elements.
Example
<Cors>
<CorsConfig name="Default">
<Rule
Access-Control-Allow-Origin="*"
Access-Control-Allow-Methods="GET, POST, PUT, DELETE"
Access-Control-Allow-Headers="Content-Type,Authorization,Accept,X-US-Transaction"
Access-Control-Allow-Credentials="true"/>
</CorsConfig>
</Cors>
Cors element
Child elements
The following table describes child elements for the <Cors> element:
| Name | Required | Description |
|---|---|---|
| CorsConfig | No | Contains a collection of rules describing a CORS configuration. |
Attributes
none
CorsConfig element
Child elements
The following table describes child elements for the <CorsConfig> element:
| Name | Required | Description |
|---|---|---|
| Rule | No | A rule used for CORS. |
Attributes
none
Rule
Child elements
none
Attributes
The following table describes attributes for the <Rule> element:
| Name | Required | Type | Description |
|---|---|---|---|
| Access-Control-Allow-Origin | No | String | Indicates which origin sites may access the resource. |
| Access-Control-Allow-Methods | No | String | Specifies the methods allowed when accessing the resources. |
| Access-Control-Allow-Headers | No | String | Specifies the headers allowed to be used in the request. |
| Access-Control-Expose-Headers | No | String | Indicates which headers can be exposed as part of the response |
| Access-Control-Max-Age | No | Integer | Indicates how long the results of a preflight request can be cached (-1 if disabled). |
| Access-Control-Allow-Credentials | No | true/false value | Indicates whether or not the response to the request can be exposed when the credentials flag is true. |