Deployment Manual / Version 2506.0
Table Of Contents
Caution
Note that the caas.cors.* configuration properties are not used anymore.
The generalized cors.* configuration properties must be used instead.
See Section 3.15.1, “CORS Properties”
caas.cors.allow-credentials-for-url-pattern
| |
| Type |
Map<String,Boolean>
|
| Description |
Map of whether user credentials are supported, based on URL patterns. Example: caas.cors.allow-credentials-for-url-pattern[/**]=true See org.springframework.web.util.pattern.PathPattern> for the syntax of allowed path patterns. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.allowed-headers-for-url-pattern
| |
| Type |
Map<String,List<String>>
|
| Description |
Map of headers that a pre-flight request can list as allowed for use during an actual request, based on URL patterns. A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified or Pragma. Example: caas.cors.allowed-headers-for-url-pattern[/**]=x-requested-with,x-csrf-token See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.allowed-methods-for-url-pattern
| |
| Type |
Map<String,List<String>>
|
| Description |
Map of HTTP methods to allow, based on URL patterns. Example: caas.cors.allowed-methods-for-url-pattern[/**]=GET,POST,PUT See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.allowed-origins-for-url-pattern
| |
| Type |
Map<String,List<String>>
|
| Description |
Map of origins to allow, based on URL patterns. Example: caas.cors.allowed-origins-for-url-pattern[/**]=https://domain1.com,https://domain2.com See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.disable-protection
| |
| Type |
Boolean
|
| Default | false |
| Description |
Disable CORS configuration completely. Disabling CORS results effectively in an 'allow all CORS policy'. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.exposed-headers-for-url-pattern
| |
| Type |
Map<String,List<String>>
|
| Description |
Map of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified or Pragma) that an actual response might have and can be exposed, based on URL patterns. Example: caas.cors.exposed-headers-for-url-pattern[/**]=x-requested-with,x-csrf-token See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.fallback.allow-credentials
| |
| Type |
Boolean
|
| Default | true |
| Description |
Allow credentials flag to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. @see org.springframework.web.cors.CorsConfiguration#setAllowCredentials(Boolean) |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.fallback.allowed-methods
| |
| Type |
List<String>
|
| Description |
The fallback allowed methods to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. @see org.springframework.web.cors.CorsConfiguration#setAllowedMethods(List) |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.fallback.allowed-origin
| |
| Type |
String
|
| Description |
A fallback allowed origin to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. This may be used to easily configure a minimal CORS config consisting of the FQDN, which is usually set via environment variables. @see org.springframework.web.cors.CorsConfiguration#setAllowedOrigins(List) |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
caas.cors.max-age-for-url-pattern
| |
| Type |
Map<String,Duration>
|
| Description |
Map of how long, as a duration, the response from a pre-flight request can be cached by clients, based on URL patterns. Example: caas.cors.max-age-for-url-pattern[/**]=3m See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
| Deprecation |
This property has been deprecated since 2506.0.0 and will be removed in a future version.
Use Reason: Unified CORS configurations for delivery applications. |
Table 3.65. Configuration Properties with Prefix caas.cors (unused)
