A configuration for the
Types Constructors Functions Properties Extensions
Allow using a specified
header for the actual CORS request.
Allows using headers matching
predicate for the actual CORS request.
Allows requests from the specified domains and schemes. A wildcard is supported for either the host or any subdomain. If you specify a wildcard in the host, you cannot add specific subdomains. Otherwise, you can mix wildcard and non-wildcard subdomains as long as the wildcard is always in front of the domain, e.g.
*.sub.domain.com but not
Adds a specified
method to a list of methods allowed by CORS.
Allows using the
X-Http-Method-Override header for the actual
Allows requests from any host.
Allows exposing the
Allows passing credential information (such as cookies or authentication information) with cross-origin requests. This property sets the
Access-Control-Allow-Credentials response header to
Allows sending requests with non-simple content-types. The following content types are considered simple:
Allows requests from the same origin.
Exposed HTTP headers that could be accessed by a client.
If present represents the prefix for headers which are permitted in CORS requests.
Specifies how long the response to the preflight request can be cached without sending another preflight request.
CORS HTTP methods. Extensions
Duration to tell the client to keep CORS options.