handle-preflight

Use this entry to control whether or not the reverse proxy generates responses to pre-flight requests.

Syntax

handle-preflight = {true, false}

Description

This entry defines whether or not the reverse proxy handles CORS pre-flight responses.

The reverse proxy is capable of generating pre-flight responses. The reverse proxy considers requests that meet all of the following criteria to be CORS pre-flight requests:

the request matches this policy stanza. See request-match
the request uses the OPTIONS method
the request contains an Origin header specifying a permitted origin. See allow-origin
the request contains an Access-Control-Request-Method header

The pre-flight response mechanism uses information from the following entries within a [cors-policy:<policy-name>] stanza to generate a response:

allow-credentials
allow-header
allow-method
max-age

Options

yes|true: The reverse proxy generates responses to requests it identifies as pre-flight cross-origin requests.
no|false: The reverse proxy will not respond to pre-flight cross-origin requests and forwards them to the backend application.

Usage

This stanza entry is optional.

Default Value

false

Example


handle-preflight = true
allow-credentials = true
allow-header = X-IBM-HEADER
max-age = 3600