io.ktor.features / CORS / Configuration

Configuration

class Configuration

CORS feature configuration

Constructors

Configuration()

CORS feature configuration

Properties

allowCredentials	`var allowCredentials: Boolean` Allow sending credentials
allowSameOrigin	`var allowSameOrigin: Boolean` Allow requests from the same origin
exposedHeaders	`val exposedHeaders: TreeSet<String>` Exposed HTTP headers that could be accessed by a client
headers	`val headers: TreeSet<String>` Allowed CORS headers
hosts	`val hosts: HashSet<String>` Allowed CORS hosts
maxAge	`var maxAge: Duration` Max-Age for cached CORS options
methods	`val methods: HashSet<HttpMethod>` Allowed HTTP methods

Functions

anyHost	`fun anyHost(): Unit` Allow requests from any host
exposeHeader	`fun exposeHeader(header: String): Unit` Allow to expose header
exposeXHttpMethodOverride	`fun exposeXHttpMethodOverride(): Unit` Allow to expose `X-Http-Method-Override` header
header	`fun header(header: String): Unit` Allow sending header
host	`fun host( host: String, schemes: List<String> = listOf("http"), subDomains: List<String> = emptyList() ): Unit` Allow requests from the specified domains and schemes
method	`fun method(method: HttpMethod): Unit` Please note that CORS operates ONLY with REAL HTTP methods and will never consider overridden methods via `X-Http-Method-Override`. However you can add them here if you are implementing CORS at client side from the scratch that you generally don’t need to do.

Companion Object Properties

CorsDefaultHeaders	`val CorsDefaultHeaders: Set<String>` Default HTTP headers that are always allowed by CORS
CorsDefaultMethods	`val CorsDefaultMethods: Set<HttpMethod>` Default HTTP methods that are always allowed by CORS