CORS

The CORS section defines the CORS policy for your application.

  • allow_origins: Specifies which origins are allowed.

  • allow_methods: Lists the HTTP methods allowed.

  • allow_headers: Headers that are allowed in requests.

  • expose_headers: Headers that are exposed in responses.

  • allow_credentials: Indicates whether credentials are supported.

  • max_age: Specifies the cache duration for preflight requests.

Example

"cors": {
    "allow_origins": [
        "https://example.com",
        "https://example2.com"
    ],
    "allow_methods": [
        "GET",
        "POST",
        "PUT",
        "DELETE"
    ],
    "allow_headers": [
        "Content-Type",
        "Authorization"
    ],
    "expose_headers": [
        "Content-Type",
        "Authorization"
    ],
    "allow_credentials": true,
    "max_age": 86400
}

Last updated