Create a CORS policy

To create a new API Access Control CORS policy with the local management interface, use the API Access Control CORS policies page.

Steps

1. In the appliance top menu, Web > API Access Control > CORS Policies

2. Click Add. A dialog box is displayed prompting for policy details.

3. Enter the name for the new CORS policy in the Name field.

4. Enter the Access Control settings in the Access Control tab.

   1. Select Whether or not to set the Access-Control-Allow-Credentials header using the Allow Credentials checkbox.

   2. Add any allowed origins to the policy by clicking the Add button in the Allowed Origins toolbar. A new dialog box is shown.

      1. Enter the new origin in the Name field. This value can be either “*” to allow all origins or an individual origin of the form

         <protocol>://<hostname>:<port>

         , where the port is optional. Do not enter a path in this field.

      2. Click Save.

   3. Add any exposed headers to the policy by clicking the Add button in the Exposed Headers toolbar. A new dialog box is shown.

      1. Enter the new header in the Name field.

      2. Click Save.

   4. Remove any allowed origins or exposed headers by selecting the item in their respective lists and click the Remove button.

5. Enter the pre-flight check settings in the Pre-flight Check tab.

   1. Select Whether or not to enable the pre-flight check using the Handle pre-flight check checkbox. If this is not checked the remainder of the fields in this tab are not shown.

   2. Enter the maximum age of the pre-flight check response in the Maximum age field.

   3. Add any allowed methods to the policy by clicking the Add button in the Allowed Methods toolbar. A new dialog box is shown.

      1. Enter the new method in the Name field.

      2. Click Save.

   4. Add any allowed headers to the policy by clicking the Add button in the Allowed Headers toolbar. A new dialog box is shown.

      1. Enter the new header in the Name field.

      2. Click Save.

   5. Remove any allowed methods or allowed headers by selecting the item in their respective lists and click the Remove button.

6. Click Save.
   • For a policy to be created there must be a unique name and at least one allowed origin specified.

   • To view a list of all of the internal Verify Access operations that are run to create a new CORS policy see the api_access_control.log as described in Audit the Verify Access operations performed when managing API Access Control components.

Parent topic: Manage Cross-Origin Resource Sharing (CORS) Policies