handle-preflight
Use this entry to control whether or not the reverse proxy generates responses to pre-flight requests.
Syntax
handle-preflight = {true, false}
Description
This entry defines whether or not the reverse proxy handles CORS pre-flight responses.
The reverse proxy is capable of generating pre-flight responses. The reverse proxy considers
requests that meet all of the following criteria to be CORS pre-flight requests:
- the request matches this policy stanza. See request-match
- the request uses the OPTIONS method
- the request contains an Origin header specifying a permitted origin. See allow-origin
- the request contains an Access-Control-Request-Method header
The pre-flight response mechanism uses information from the following entries within a
[cors-policy:<policy-name>]
stanza to generate a response:- allow-credentials
- allow-header
- allow-method
- max-age
Options
- yes|true
- The reverse proxy generates responses to requests it identifies as pre-flight cross-origin requests.
- no|false
- The reverse proxy will not respond to pre-flight cross-origin requests and forwards them to the backend application.
Usage
This stanza entry is optional.
Default Value
false
Example
handle-preflight = true
allow-credentials = true
allow-header = X-IBM-HEADER
max-age = 3600