Modify an existing CORS policy

To modify an existing API Access Control CORS policy with the local management interface, use the API Access Control CORS policies page.

  1. In the appliance top menu, Web > API Access Control > CORS Policies

  2. Select the policy to modify from the list.

  3. Click Edit. A dialog box is displayed showing the current settings.

  4. Enter the Access Control settings in the Access Control tab.

    1. Select Whether or not to set the Access-Control-Allow-Credentials header using the Allow Credentials checkbox.

    2. Add any allowed origins to the policy by clicking the Add button in the Allowed Origins toolbar. A new dialog box is shown.

      1. Enter the new origin in the Name field. This value can be either “*” to allow all origins or an individual origin of the form.
        <protocol>://<hostname>:<port>
        , where the port is optional. Do not enter a path in this field.

      2. Click Save.

    3. Add any exposed headers to the policy by clicking the Add button in the Exposed Headers toolbar. A new dialog box is shown.

      1. Enter the new header in the Name field.

      2. Click Save.

    4. Remove any allowed origins or exposed headers by selecting the item in their respective lists and click the Remove button.

  5. Enter the pre-flight check settings in the Pre-flight Check tab.

    1. Select Whether or not to enable the pre-flight check using the Handle pre-flight check checkbox. If this is not checked the remainder of the fields in this tab are not shown.

    2. Enter the maximum age of the pre-flight check response in the Maximum age field.

    3. Add any allowed methods to the policy by clicking the Add button in the Allowed Methods toolbar. A new dialog box is shown.

      1. Enter the new method in the Name field.

      2. Click Save.

    4. Add any allowed headers to the policy by clicking the Add button in the Allowed Headers toolbar. A new dialog box is shown.

      1. Enter the new header in the Name field.

      2. Click Save.

    5. Remove any allowed methods or allowed headers by selecting the item in their respective lists and click the Remove button.

  6. Click Save.

    • The policy name cannot be modified.
    • For a policy to be created there must be a unique name and at least one allowed origin specified.
    • When an existing policy is updated all of the API Access Control resources that are using the policy are also updated. This means the reverse proxy configuration files will be updated with the new settings. This overwrites all of the existing CORS policy settings.

    • To view a list of all of the internal Verify Access operations that are run to create a new CORS policy see the api_access_control.log as described in Audit the Verify Access operations performed when managing API Access Control components.

Parent topic: Manage Cross-Origin Resource Sharing (CORS) Policies