Parameter | Required | Description |
Origin | Yes | Specify the origins of allowed cross-origin requests. You can specify multiple origins and separate them by commas. You can configure * , which means that all domain names are allowed.Be careful not to omit the protocol name http or https . If the port is not the default port 80, you also need to include the port. |
Method | Yes | GET, PUT, POST, DELETE, and HEAD methods are supported. You can enumerate one or more allowed CORS request methods. |
Allow-Headers | No | Specify the custom HTTP request headers that can be used for subsequent OPTIONS requests.You can specify multiple headers and separate them by commas. You can configure * , which means that all header are allowed.If you leave this parameter empty, all headers will be denied. |
Expose-Headers | No | Specify the headers that can be exposed to the XMLHttpRequest object.You can specify multiple headers and separate them by commas. You can configure * , which means that all header are allowed.If you leave this parameter empty, all headers will be denied. |
Allow Cookies | No | Specify whether to allow cookies. |
Max-Age | Yes | Set the validity period of the result obtained by OPTIONS in seconds. The value must be a positive integer, such as 600. |
{"allow_origin":[ // Allowed origins. * is supported, indicating that all domain names are allowed"*"],"allow_methods":[ // Allowed method. Valid values: GET, PUT, POST, DELETE, HEAD"PUT","GET","POST","DELETE","HEAD"],"allow_headers":[ // Allowed request headers. * is supported, indicating that all headers are allowed"X-Api-ID"],"expose_headers":[ // Headers that can be exposed to the `XMLHttpRequest` object. * is supported, indicating that all headers are allowed"X-Api-ID"],"allow_credentials":true, // Whether to allow cookies"max_age":600 // Validity period of the result obtained by `OPTIONS` in seconds. The value must be a positive integer, such as 600}
Access-Control-Allow-Origin : *
in the response header by default.
Was this page helpful?