RapidIdentity Product Guides - 2019 Rolling Release

CORS Properties

Global CORS configuration for all RapidIdentity instances is stored in the database. These properties only need to be defined in rapididentity.properties if this particular instance of RapidIdentity needs to be configured differently from other instances. If these are defined, they take precedence over those defined globally in the database.

Table 216. CORS Properties

| Property | Type | Description |
| --- | --- | --- |
| cors.allowedHeaders | string | Comma-separated list of HTTP request headers which can be used when making a cross-origin request. These headers will also be returned in the Access-Control-Allow-Headers header in pre-flight responses. Default: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization |
| cors.allowedMethods | string | Comma-separated list of HTTP methods which can be used to access resources using cross-origin requests. These methods will also be included in the Access-Control-Allow-Methods header in pre-flight responses. Default: GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS |
| cors.allowedOrigins | string | Comma-separated list of origins allowed to access resources on the server using cross-origin requests. A value of "*" indicates that resources are allowed to be accessed from any origin. Default: * |
| cors.exposedHeaders | string | Comma-separated list of headers other than simple response headers that browsers are allowed to access. These headers will be included in the Access-Control-Expose-Headers header in pre-flight responses. Default: |
| cors.maxAge | integer | The number of seconds a browser is allowed to cache the result of a pre-flight request. This will be included as the Access-Control-Max-Age header in pre-flight responses. A negative value will prevent the header from being included in pre-flight responses. Default: 1800 |
| cors.supportsCredentials | boolean | Whether user credentials are supported for cross-origin requests. This flag is exposed as part of the Access-Control-Allow-Credentials header in pre-flight responses. It helps browsers determine whether or not an actual request can be made using credentials. Default: false |
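
The precedence rule and defaults above, as an added example (not RapidIdentity code): a small Python audit that merges an instance's rapididentity.properties over global values and the table's defaults, then flags combinations worth reviewing. It assumes overrides apply per property and that the documented defaults apply when a property is defined nowhere; the function names, finding labels and sample file are constructed for illustration.

```python
# Added example. Property names and defaults come from Table 216; the finding
# names and the per-property merge order are assumptions of this sketch.
DEFAULTS = {
    "cors.allowedHeaders": "Origin,Accept,X-Requested-With,Content-Type,"
    "Access-Control-Request-Method,Access-Control-Request-Headers,Authorization",
    "cors.allowedMethods": "GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS",
    "cors.allowedOrigins": "*",
    "cors.exposedHeaders": "",
    "cors.maxAge": "1800",
    "cors.supportsCredentials": "false",
}

def parse_properties(text):
    """Read simple key=value lines (no continuations); keep only cors.* keys."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("cors."):
            props[key.strip()] = value.strip()
    return props

def effective_cors(instance_text, global_props=None):
    """Defaults, then database-wide values, then this instance's overrides."""
    merged = dict(DEFAULTS)
    merged.update(global_props or {})
    merged.update(parse_properties(instance_text))
    return merged

def audit(cfg):
    """Return review findings for one effective configuration."""
    findings = []
    origins = [o.strip() for o in cfg["cors.allowedOrigins"].split(",") if o.strip()]
    creds = cfg["cors.supportsCredentials"].strip().lower() == "true"
    if "*" in origins:
        findings.append("wildcard-origin")
        if creds:
            # Browsers reject a literal "*" on credentialed responses.
            findings.append("wildcard-origin-with-credentials")
    findings += ["cleartext-origin:" + o for o in origins if o.startswith("http://")]
    if int(cfg["cors.maxAge"]) < 0:
        # Per the table, a negative value omits Access-Control-Max-Age.
        findings.append("max-age-header-omitted")
    return findings

# Constructed instance file: only one property is overridden locally.
SAMPLE = "# rapididentity.properties (constructed)\ncors.supportsCredentials=true\n"

if __name__ == "__main__":
    print(audit(effective_cors(SAMPLE)))
```

Overriding only cors.supportsCredentials in the sample leaves the inherited cors.allowedOrigins at *, which is the pairing the audit reports.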