Endpoint Cross-Origin Resource Sharing
Endpoint Cross-Origin Resource Sharing is a W3C standard that defines how the browser and server should interact when cross-domain requests are made.
Field | Description |
---|---|
Allow CORS Requests from any domain |
When the option is enabled, and an appropriate CORS pre-flight request is made, the Traffic Manager handles the request and prepares an appropriate pre-flight response on behalf of the back-end host server. For the actual cross-domain request that needs to be made to a back-end system, the Traffic Manager adds appropriate CORS headers, such as Access-Control-Allow-Origin, Access-Control-Allow-Methods. These headers are added only after the Traffic Manager checks against configured rules before passing the request through the host server. If the configured rules do not allow the cross-domain request, an error response is sent for that particular cross-domain request. |
Sub-domain matching allowed? | If disabled, exact matching will be done on the Origin header on incoming requests, against allowed origins specified. |
List of headers allowed | List of headers used to validate and determine what can be added to Access-Control-Allow header. Leave this field blank to allow any incoming header. |
List of headers to expose | List of headers that will be added to Access-Control-Expose-Headers on the response. |
Are cookies allowed? | If enabled, Access-Control-Allow-Credentials is set to true on the response, which controls whether credentialed requests or cookies are allowed. |
Max Age for CORS Pre Flight (minutes) |
The maximum time for which the pre-flight request results are allowed to be cached by the calling application. |