Last active
May 16, 2018 17:07
-
-
Save asoorm/2a36647c7adc9d61612cdeee985fe82b to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enable: | |
| type: boolean | |
| description: Enable or disable CORS middleware | |
| example: true | |
| allowed_origins: | |
| type: array | |
| description: A list of origin domains to allow access from | |
| example: ["foo.com", "bar.com"] | |
| allow_credentials: | |
| type: boolean | |
| description: Allow credentials (cookies) | |
| example: true | |
| allowed_headers: | |
| type: array | |
| description: Headers to allow in the request | |
| allowed_methods: | |
| type: array | |
| description: Allowed methods | |
| example: ["GET", "POST", "DELETE"] | |
| exposed_headers: | |
| type: array | |
| description: Whitelist of headers to expose in the response | |
| max_age: | |
| type: integer | |
| description: Maximum age of credentials in hours | |
| example: 24 | |
| options_passthrough: | |
| type: boolean | |
| description: Allow CORS OPTIONS preflight request to be proxied directly to upstream, without authentication and rest of checks. This means that pre-flight requests generated by web-clients such as SwaggerUI or the Tyk Portal documentation system will be able to test the API using trial keys. If your service handles CORS natively, then enable this option. | |
| debug: | |
| type: boolean | |
| default: false | |
| example: true | |
| description: enabling produces log output from the CORS middleware |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment