close

Filter

loading table of contents...

Deployment Manual / Version 2401

Table Of Contents

3.1.4 CORS Properties

cae.cors.allow-credentials-for-url-pattern
Type java.util.Map<java.lang.String,java.lang.Boolean>
Default  
Description

Map of whether user credentials are supported, based on URL patterns.

Example:

 cae.cors.allow-credentials-for-url-pattern[{path\:.*}]=true 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.allowed-headers-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of headers that a pre-flight request can list as allowed for use during an actual request, based on URL patterns.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified or Pragma.

Example:

 cae.cors.allowed-headers-for-url-pattern[{path\:.*}]=x-requested-with,x-csrf-token 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.allowed-methods-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of HTTP methods to allow, based on URL patterns.

Example:

 cae.cors.allowed-methods-for-url-pattern[{path\:.*}]=GET,POST,PUT 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.allowed-origins-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of origins to allow, based on URL patterns.

Example:

 cae.cors.allowed-origins-for-url-pattern[{path\:.*}]=https://domain1.com,https://domain2.com 

In the preview CAE, this property may e.g. be configured with the Studio host in order to allow AJAX requests from the Studio to the CAE.

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.exposed-headers-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified or Pragma) that an actual response might have and can be exposed, based on URL patterns.

Example:

 cae.cors.exposed-headers-for-url-pattern[{path\:.*}]=x-requested-with,x-csrf-token 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.max-age-for-url-pattern
Type java.util.Map<java.lang.String,java.time.Duration>
Default  
Description

Map of how long, as a duration, the response from a pre-flight request can be cached by clients, based on URL patterns.

Example:

 cae.cors.max-age-for-url-pattern[{path\:.*}]=3m 

See Javadoc for more information on CORS configuration for the CAE.

Table 3.4. Configuration Properties with Prefix cae.cors


Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.