[cors-policy:policy-name] stanza

Use this stanza to house configuration that is specific to a particular CORS policy. The <policy-name> component of the stanza name must be changed to the name the policy will be given.

• request-match
  Use this entry to define the pattern to be matched against the HTTP request line, which includes method, URI, and protocol.
• allow-origin
  The allow-origin entry specifies which origins presented by clients are permitted to make cross-origin requests to resources which this policy is applicable to.
• allow-credentials
  The allow-credentials entry controls whether or not the reverse proxy returns the Access-Control-Allow-Credentials header to clients.
• expose-header
  The expose-header entry specifies which headers the reverse proxy returns, if any, in the Access-Control-Expose-Headers header to cross-origin requests.
• handle-preflight
  Use this entry to control whether or not the reverse proxy generates responses to pre-flight requests.
• allow-header
  The allow-header entry specifies which headers are presented in preflight responses to clients as acceptable to use when making cross-origin requests to resources which this policy is applicable to.
• allow-method
  The allow-method entry specifies which methods will be presented in preflight responses to clients as acceptable to use when making cross-origin requests to resources which this policy is applicable to.
• max-age
  The max-age entry specifies the amount of time that clients may cache the results of a pre-flight response.

Parent topic: Stanza reference