allow-header

Edit online

The allow-header entry specifies which headers are presented in preflight responses to clients as acceptable to use when making cross-origin requests to resources which this policy is applicable to.

Syntax

allow-header = <origin>

Description

A header which is permitted when making cross-origin requests to the resources protected by this policy. This configuration entry may be specified multiple times to indicate multiple allowable headers. A value of '*' can be specified to indicate that any header is acceptable, in this case the reverse proxy responds with any header(s) presented by the client in the Access-Control-Request-Headers header.

When configured with a header or list of headers, this configuration entry adds the following header to pre-flight responses:

Access-Control-Allow-Headers = <any values given in this policy>

When configured with '*', this configuration entry adds the following header to pre-flight responses:

Access-Control-Allow-Header = <any value presented by the client in the Access-Control-Request-Headers>

Note: The following simple headers are always considered allowed and are never returned in the Access-Control-Allow-Headers header:


Accept
Accept-Language
Content-Language
Content-Type: application/x-www-form-urlencoded
Content-Type: multipart/form-data
Content-Type: text/plain

This entry only affects only pre-flight requests.

Options

header: This entry should either be '*' or a header name.

Usage

You can specify multiple entries if needed.

The header matching performed is not case sensitive.

If an '*' entry is specified, all other allow-header entries for this policy are ignored.

Default Value

None.

Example


allow-header = X-IBM-VERSION
allow-header = X-IBM-ROUTE