Map of whether user credentials are supported, based on URL patterns.

Example:

 cae.cors.allow-credentials-for-url-pattern[{path\:.*}]=true 

See Javadoc for more information on CORS configuration for the CAE.

Map of headers that a pre-flight request can list as allowed for use during an actual request, based on URL patterns.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified or Pragma.

Example:

 cae.cors.allowed-headers-for-url-pattern[{path\:.*}]=x-requested-with,x-csrf-token 

See Javadoc for more information on CORS configuration for the CAE.

Map of HTTP methods to allow, based on URL patterns.

Example:

 cae.cors.allowed-methods-for-url-pattern[{path\:.*}]=GET,POST,PUT 

See Javadoc for more information on CORS configuration for the CAE.

Map of origins to allow, based on URL patterns.

Example:

 cae.cors.allowed-origins-for-url-pattern[{path\:.*}]=https://domain1.com,https://domain2.com 

In the preview CAE, this property may e.g. be configured with the Studio host in order to allow AJAX requests from the Studio to the CAE.

See Javadoc for more information on CORS configuration for the CAE.

Map of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified or Pragma) that an actual response might have and can be exposed, based on URL patterns.

Example:

 cae.cors.exposed-headers-for-url-pattern[{path\:.*}]=x-requested-with,x-csrf-token 

See Javadoc for more information on CORS configuration for the CAE.

Map of how long, as a duration, the response from a pre-flight request can be cached by clients, based on URL patterns.

Example:

 cae.cors.max-age-for-url-pattern[{path\:.*}]=3m 

See Javadoc for more information on CORS configuration for the CAE.