CORSConfig

Allows passing credential information (such as cookies or authentication information) with cross-origin requests. This property sets the Access-Control-Allow-Credentials response header to true.

Allows sending requests with non-simple content-types. The following content types are considered simple:

Allows requests from the same origin.

Exposed HTTP headers that could be accessed by a client.

If present represents the prefix for headers which are permitted in CORS requests.

Allowed CORS headers.

Allowed CORS hosts.

Duration to tell the client to keep CORS options.

Specifies how long the response to the preflight request can be cached without sending another preflight request.

Allowed CORS HTTP methods.

Allow using a specified header for the actual CORS request.

Allows using headers matching predicate for the actual CORS request.

Allows using headers prefixed with headerPrefix for the actual CORS request.

Allows requests from the specified domains and schemes. A wildcard is supported for either the host or any subdomain. If you specify a wildcard in the host, you cannot add specific subdomains. Otherwise, you can mix wildcard and non-wildcard subdomains as long as the wildcard is always in front of the domain, e.g. *.sub.domain.com but not sub.*.domain.com.

Adds a specified method to a list of methods allowed by CORS.

Allows using an origin matching predicate for the actual CORS request.

Allows using the X-Http-Method-Override header for the actual CORS request.

Allows requests from any host.

Allows requests with any HTTP method.

Allows exposing the header using Access-Control-Expose-Headers. The Access-Control-Expose-Headers header adds the specified headers to the allowlist that JavaScript in browsers can access.