-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathcors-rules.example.yml
35 lines (33 loc) · 2.48 KB
/
cors-rules.example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# Copyright 2022 Nikita Petko <petko@vmminfra.net>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# CORs rules for routes.
# You can define the rules for a route on every host.
# The rules are applied in the order they are found.
# Route template is a regex that will be matched against the request URI (without the query string).
- routeTemplate: .* # Matches any request URI. If the route template is not specified, this value will be inferred from the route.
hostname: "*" # Matches any hostname. If the hostname is not specified, this value will be inferred.
method: "*" # Matches any method. If the method is not specified, this value will be inferred.
scheme: "*" # Matches any scheme. If the scheme is not specified, this value will be inferred.
allowCredentials: true # If true, allows credentials to be sent. If this value is not specified, it will default to false.
allowedHeaders:
- "*" # Responds with 'Access-Control-Allow-Headers: *'. If this value is not specified, it will default to an empty list.
allowedMethods:
- "*" # Responds with 'Access-Control-Allow-Methods: *'. If this value is not specified, it will default to an empty list.
allowedOrigins:
- "*" # Responds with 'Access-Control-Allow-Origin: *'. If this value is not specified, it will default to an empty list.
exposedHeaders:
- "Example-Header" # Responds with 'Access-Control-Expose-Headers: Example-Header'. If this value is not specified, it will default to an empty list.
maxAge: 3600 # Responds with 'Access-Control-Max-Age: 3600'. If this value is not specified, it will not be present in the response.
allowRequestOriginIfNoAllowedOrigins: false # If true, allows the request origin to be sent if no allowed origins are specified. If this value is not specified, it will default to false.
allowResponseHeadersOverwrite: false # If true, allows the response headers to be overwritten by the axios response (except Access-Control-Allow-Origin). If this value is not specified, it will default to false.