CORS
Applies Cross-Origin Resource Sharing rules for browser clients.
Use the CORS policy to specify which origins, headers, and HTTP methods are allowed when a browser client accesses your API.
Note: Parameters for the CORS policy are not provided within the policy. The policy retrieves its
configuration from the
cors section of the API definition and enforces the rules
defined in that section.For more information on the policy parameter descriptions, see DataPower Nano Gateway documentation.
Example of a CORS policy in code view.
kind: cors
apiVersion: api.ibm.com/v1
metadata:
name: enforce_cors
version: 1
namespace: sample
spec:
rules:
- action: Allow/DENY
originList:
- www.domain.com
- www.test.com
allowCredentials: true
allowMethods:
- GET
- POST
- PUT
- DELETE
allowHeaders:
- header1
- header2
maxAge: 34
exposeHeaders:
predefined: true
custom: 'header3,header4'
backend: false