CorsConfig
Thiago Bustamante edited this page Oct 22, 2017 · 13 revisions
Configuration for CORS requests.
It supports the following properties:
Property | Type | Description | Required |
---|---|---|---|
origin | CorsOrigin | Configures the Access-Control-Allow-Origin CORS header. | true |
methods | string[] | Configures the Access-Control-Allow-Methods CORS header. (ex: ['GET', 'PUT', 'POST']) | false |
allowedHeaders | string[] | Configures the Access-Control-Allow-Headers CORS header. (ex: ['Content-Type', 'Authorization']). If not specified, defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header. | false |
exposedHeaders | string[] | Configures the Access-Control-Expose-Headers CORS header. (ex: ['Content-Range', 'X-Content-Range']). If not specified, no custom headers are exposed. | false |
credentials | boolean | Configures the Access-Control-Allow-Credentials CORS header. Set to true to pass the header, otherwise it is omitted. | false |
maxAge | string | Configures the Access-Control-Max-Age CORS header. Specify the number of milliseconds, or a human-interval string, to pass the header; otherwise it is omitted. | false |
preflightContinue | boolean | Pass the CORS preflight response to the next handler. | false |
CorsOrigin
Configures the Access-Control-Allow-Origin CORS header.
It supports the following properties:
Property | Type | Description | Required |
---|---|---|---|
enableAll | boolean | If true, allows all origins to make CORS requests. | false |
disableAll | boolean | If true, prevents all origins from making CORS requests. | false |
allow | CorsOriginConfig[] | Specify which origins are allowed. | false |
middleware | MiddlewareConfig | An installed 'cors' middleware function, called to decide whether the request should be allowed. | false |
All of those properties are optional, but one (and only one) of them must be present in the configuration object.
Some examples:
```json
{
    "cors": {
        "origin": {
            "enableAll": true
        }
    }
}
```
and
```json
{
    "cors": {
        "origin": {
            "allow": { "value": "http://example1.com" }
        },
        "methods": ["GET", "PUT", "POST"],
        "allowedHeaders": ["Content-Type", "Authorization"]
    }
}
```
or
```yaml
cors:
  origin:
    enableAll: true
```
and
```yaml
cors:
  origin:
    allow:
      value: http://example1.com
  methods:
    - GET
    - PUT
    - POST
  allowedHeaders:
    - Content-Type
    - Authorization
```
CorsOriginConfig
Configures the allowed CORS origins.
It supports the following properties:
Property | Type | Description | Required |
---|---|---|---|
regexp | string | Use regular expressions to check origins that must be allowed. | false |
value | string | The origin that must be allowed. | false |
All of those properties are optional, but one (and only one) of them must be present in the configuration object.
Example:
```json
{
    "cors": {
        "origin": {
            "allow": { "regexp": "/example\\.com$/" }
        }
    }
}
```
or
```yaml
cors:
  origin:
    allow:
      regexp: "/example\\.com$/"
```
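This example will reflect the origin of any request coming from an origin that ends with "example.com". The pattern is anchored only at the end, so it also matches other hosts whose name ends in "example.com" (for example "notexample.com") and matches both http and https origins.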
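A way to check what a `regexp` origin pattern accepts before putting it in the configuration, as an added example that is not part of the original page or of the tree-gateway code base. It assumes the "/.../" string is compiled to a JavaScript RegExp and tested against the full Origin header value; the helper names, the sample origins and the stricter pattern are all constructed for illustration.

```javascript
// Added example; helper names are hypothetical, not tree-gateway APIs.
// Assumption: a "/.../" regexp string is compiled to a JavaScript RegExp and
// tested against the full Origin header value (scheme + host [+ port]).
function compileOriginPattern(text) {
  const m = /^\/(.*)\/([a-z]*)$/.exec(text);
  // Strings without the /.../ wrapper are used as the pattern source as-is.
  return m ? new RegExp(m[1], m[2]) : new RegExp(text);
}

// Return the origins from `origins` that the pattern would allow.
function allowedBy(patternText, origins) {
  const re = compileOriginPattern(patternText);
  return origins.filter((origin) => re.test(origin));
}

// Origins allowed by `loose` that `strict` rejects: the list to review.
function extraOrigins(loose, strict, origins) {
  const ok = new Set(allowedBy(strict, origins));
  return allowedBy(loose, origins).filter((origin) => !ok.has(origin));
}

// Constructed sample Origin values (not taken from real traffic).
const SAMPLE_ORIGINS = [
  'https://example.com',
  'https://api.example.com',
  'http://example.com',                // plain-HTTP origin
  'https://notexample.com',            // different registrable domain
  'https://example.com.unrelated.test', // example.com is only a prefix
  'https://example.org',
];

// The pattern from the page, as it appears after JSON/YAML unescaping.
const PAGE_PATTERN = '/example\\.com$/';
// Constructed stricter pattern: https only, example.com and its subdomains.
const STRICT_PATTERN = '/^https:\\/\\/([a-z0-9-]+\\.)*example\\.com$/';

console.log('page pattern allows:  ', allowedBy(PAGE_PATTERN, SAMPLE_ORIGINS));
console.log('strict pattern allows:', allowedBy(STRICT_PATTERN, SAMPLE_ORIGINS));
console.log('only the page pattern:',
  extraOrigins(PAGE_PATTERN, STRICT_PATTERN, SAMPLE_ORIGINS));
```

This matters most when `credentials` is set to true, because every origin the pattern matches can then make credentialed cross-origin requests.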