CORS JSON configuration
Configure CORS by editing the cors-rules.json file that you created.
The JSON file must contain a single JSON object with two properties:
version {string}
Must be equal to "1.0"
.
rules {array<object>}
Must be an array of valid CORS rules.
The syntax of a rule object is defined as follows:
resource {object} (Required)
path {string}
(Required) The resource path. WithoutstartsWith
orexact
values, the CORS filter matches any request with a path that contains this value.startsWith {boolean}
(Optional) Whentrue
, the CORS filter matches only requests with a path that starts with the value ofpath
.exact {boolean}
(Optional) Whentrue
, the CORS filter matches only requests with a path that is the exact value ofpath
. ThestartsWith
andexact
properties are mutually exclusive.
allowOrigins {string | array<string>} (Required)
Specifies the list of allowed origins for this resource. Specify an array of strings where each
element is an allowed origin host name, for example, "http://this.example.com"
.
Only an origin that exactly matches one of these elements is allowed. For example, specify
"http://this.example.com"
, "https://this.example.com"
, and
"http://this.example.com:8080"
to allow access through all of these URLs.
A value of "*"
allows any origin. Its use is not recommended.
allowMethods {array<string>} (Required)
Specifies the list of allowed methods for this resource and origin. See Access-Control-Allow-Methods in the W3C Recommendation on Cross-Original Resource Sharing recommendation.
allowCredentials {boolean} (Optional)
When true
, the CORS filter allows credentials for this resource and origin. See
Access-Control-Allow-Credentials in the W3C Recommendation on Cross-Original Resource Sharing.
exposeHeaders {array<string>} (Optional)
Specifies the list of response headers to expose to XHR clients. This property causes the CORS filter to add an Access-Control-Expose-Headers header to responses to actual (not pre-flight) requests. Ultimately, the browser is responsible for exposing the headers to the XHR client. See Access-Control-Expose-Headers in the W3C Recommendation on Cross-Original Resource Sharing.