CORS
The Cross-Origin Resource Sharing (CORS) mechanism supports secure cross-domain requests and data transfers between browsers and web servers. The CORS standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information. This policy provides CORS support that uses additional HTTP headers to let a client or an application gain permission to access selected resources. An application or a client makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current request originated.
In API Studio, this policy is identified by the kind CORS.
Here is sample code for the CORS policy.
```yaml
kind: CORS
apiVersion: api.webmethods.io/beta
metadata:
  name: Enforce CORS policy
  version: 1
spec:
  allowedOrigins:
    - www.domain.com
    - www.test.com
  allowedHeaders:
    - header1
    - header2
  exposedHeaders:
    - header3
    - header4
  allowCredentials: true
  allowedMethods:
    - GET
    - POST
    - PUT
    - DELETE
  maxAge: 34
```
The structure in the code view and what it denotes is as follows.
Type | Description |
---|---|
kind | CORS. This denotes the asset type, CORS policy. |
apiVersion | This denotes the API version of the API on which this policy is enforced. |
metadata | This denotes the metadata or details of the asset type. It covers the following metadata: |
spec | This denotes various policy properties you can configure for the policy. You can configure the following policy property: |
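
To show how the spec fields relate to the standard CORS response headers, here is an added Python example; it is not API Studio's own code. The names `POLICY` and `cors_headers` are hypothetical, and it assumes that each `allowedOrigins` entry is a hostname compared exactly with the host of the request's `Origin` header, since the product's matching rules are not described on this page.

```python
from urllib.parse import urlsplit

# Constructed policy: same fields and values as the spec section of the sample.
POLICY = {
    "allowedOrigins": ["www.domain.com", "www.test.com"],
    "allowedHeaders": ["header1", "header2"],
    "exposedHeaders": ["header3", "header4"],
    "allowCredentials": True,
    "allowedMethods": ["GET", "POST", "PUT", "DELETE"],
    "maxAge": 34,
}


def cors_headers(policy, method, req_headers):
    """Return the CORS response headers for one request, or {} if none apply."""
    origin = req_headers.get("Origin")
    if not origin:
        return {}  # no Origin header: not a cross-origin browser request
    try:
        host = urlsplit(origin).hostname  # None for the opaque origin "null"
    except ValueError:
        return {}
    # Assumption: exact hostname match. Substring or prefix matching would
    # also accept look-alike hosts such as www.domain.com.attacker.example.
    if host not in policy["allowedOrigins"]:
        return {}
    # Echo the one matching origin; with credentials allowed, "*" is not valid.
    out = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if policy["allowCredentials"]:
        out["Access-Control-Allow-Credentials"] = "true"
    if method == "OPTIONS" and "Access-Control-Request-Method" in req_headers:
        # Preflight: the browser asks before sending the actual request.
        wanted = req_headers.get("Access-Control-Request-Headers", "")
        names = {h.strip().lower() for h in wanted.split(",") if h.strip()}
        allowed = {h.lower() for h in policy["allowedHeaders"]}
        req_method = req_headers["Access-Control-Request-Method"]
        if req_method not in policy["allowedMethods"] or not names <= allowed:
            return {}
        out["Access-Control-Allow-Methods"] = ", ".join(policy["allowedMethods"])
        out["Access-Control-Allow-Headers"] = ", ".join(policy["allowedHeaders"])
        out["Access-Control-Max-Age"] = str(policy["maxAge"])
    else:
        # Actual request: list the response headers scripts may read.
        out["Access-Control-Expose-Headers"] = ", ".join(policy["exposedHeaders"])
    return out
```

An empty result means the response carries no CORS headers, so the browser blocks the calling script from reading it.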