Issue #2905848 by urvashi_vora, adeshsharma, shimpy, quietone, kkalashnikov, rishabh vishwakarma, sourabhjain, mikejoconnor, alexpott, pradhumanjain2311, MeenakshiG, mr.baileys, smustgrave, sic, larowlan, longwave, johnhanley: Improve CORS configuration documentation
nod_
parent
2969dada48
commit
6e7a6741e1
|
|
@ -220,20 +220,39 @@ parameters:
|
|||
# Note: By default the configuration is disabled.
|
||||
cors.config:
|
||||
enabled: false
|
||||
# Specify allowed headers, like 'x-allowed-header'.
|
||||
# Specifies allowed headers and sets the Access-Control-Allow-Headers
|
||||
# header. For example, ['X-Custom-Header']. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
|
||||
allowedHeaders: []
|
||||
# Specify allowed request methods, specify ['*'] to allow all possible ones.
|
||||
# Specifies allowed request methods and sets the
|
||||
# Access-Control-Allow-Methods header. For example, ['POST', 'GET',
|
||||
# 'OPTIONS'] or ['*'] to allow all. Note the wildcard is not yet implemented
|
||||
# in all browsers. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
|
||||
allowedMethods: []
|
||||
# Configure requests allowed from specific origins. Do not include trailing
|
||||
# slashes with URLs.
|
||||
# Configure requests allowed from specific origins and sets the
|
||||
# Access-Control-Allow-Origin header. For example,
|
||||
# ['https://www.drupal.org'] or ['*'] to allow any origin to access your
|
||||
# resource. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
||||
allowedOrigins: ['*']
|
||||
# Configure requests allowed from origins, matching against regex patterns.
|
||||
allowedOriginsPatterns: []
|
||||
# Sets the Access-Control-Expose-Headers header.
|
||||
# Sets the Access-Control-Expose-Headers header. The default is false which
|
||||
# means the header will not be set. To set the header use a comma delimited
|
||||
# list within square brackets. For example, ['Content-Type', 'Expires'] or
|
||||
# ['*'] to expose all headers. Setting exposedHeaders: ['*'] will result in
|
||||
# a Access-Control-Expose-Headers: * response header. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
|
||||
exposedHeaders: false
|
||||
# Sets the Access-Control-Max-Age header.
|
||||
# Setting Access-Control-Max-Age header value to '0' or false will omit this
|
||||
# from the response. However, setting it to '-1' will explicitly disable
|
||||
# caching. For example, setting the value to 600 will cache results of a
|
||||
# preflight request for 10 minutes. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
|
||||
maxAge: false
|
||||
# Sets the Access-Control-Allow-Credentials header.
|
||||
# Sets the Access-Control-Allow-Credentials header if set to true. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
|
||||
supportsCredentials: false
|
||||
|
||||
queue.config:
|
||||
|
|
|
|||
|
|
@ -220,20 +220,39 @@ parameters:
|
|||
# Note: By default the configuration is disabled.
|
||||
cors.config:
|
||||
enabled: false
|
||||
# Specify allowed headers, like 'x-allowed-header'.
|
||||
# Specifies allowed headers and sets the Access-Control-Allow-Headers
|
||||
# header. For example, ['X-Custom-Header']. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
|
||||
allowedHeaders: []
|
||||
# Specify allowed request methods, specify ['*'] to allow all possible ones.
|
||||
# Specifies allowed request methods and sets the
|
||||
# Access-Control-Allow-Methods header. For example, ['POST', 'GET',
|
||||
# 'OPTIONS'] or ['*'] to allow all. Note the wildcard is not yet implemented
|
||||
# in all browsers. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
|
||||
allowedMethods: []
|
||||
# Configure requests allowed from specific origins. Do not include trailing
|
||||
# slashes with URLs.
|
||||
# Configure requests allowed from specific origins and sets the
|
||||
# Access-Control-Allow-Origin header. For example,
|
||||
# ['https://www.drupal.org'] or ['*'] to allow any origin to access your
|
||||
# resource. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
||||
allowedOrigins: ['*']
|
||||
# Configure requests allowed from origins, matching against regex patterns.
|
||||
allowedOriginsPatterns: []
|
||||
# Sets the Access-Control-Expose-Headers header.
|
||||
# Sets the Access-Control-Expose-Headers header. The default is false which
|
||||
# means the header will not be set. To set the header use a comma delimited
|
||||
# list within square brackets. For example, ['Content-Type', 'Expires'] or
|
||||
# ['*'] to expose all headers. Setting exposedHeaders: ['*'] will result in
|
||||
# a Access-Control-Expose-Headers: * response header. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
|
||||
exposedHeaders: false
|
||||
# Sets the Access-Control-Max-Age header.
|
||||
# Setting Access-Control-Max-Age header value to '0' or false will omit this
|
||||
# from the response. However, setting it to '-1' will explicitly disable
|
||||
# caching. For example, setting the value to 600 will cache results of a
|
||||
# preflight request for 10 minutes. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
|
||||
maxAge: false
|
||||
# Sets the Access-Control-Allow-Credentials header.
|
||||
# Sets the Access-Control-Allow-Credentials header if set to true. See
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
|
||||
supportsCredentials: false
|
||||
|
||||
queue.config:
|
||||
|
|
|
|||
Loading…
Reference in New Issue