CorsRule interface

CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.

Properties

allowedHeaders

The request headers that the origin domain may specify on the CORS request.

allowedMethods

The methods (HTTP request verbs) that the origin domain may use for a CORS request. (comma separated)

allowedOrigins

The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. Note that the origin must be an exact case-sensitive match with the origin that the user age sends to the service. You can also use the wildcard character '*' to allow all origin domains to make requests via CORS.

exposedHeaders

The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.

maxAgeInSeconds

The maximum amount time that a browser should cache the preflight OPTIONS request.

Property Details

allowedHeaders

The request headers that the origin domain may specify on the CORS request.

allowedHeaders: string

Property Value

string

allowedMethods

The methods (HTTP request verbs) that the origin domain may use for a CORS request. (comma separated)

allowedMethods: string

Property Value

string

allowedOrigins

The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. Note that the origin must be an exact case-sensitive match with the origin that the user age sends to the service. You can also use the wildcard character '*' to allow all origin domains to make requests via CORS.

allowedOrigins: string

Property Value

string

exposedHeaders

The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.

exposedHeaders: string

Property Value

string

maxAgeInSeconds

The maximum amount time that a browser should cache the preflight OPTIONS request.

maxAgeInSeconds: number

Property Value

number