We Have Moved
The IBM Application Gateway has a new home - docs.verify.ibm.com/gateway
The documentation on this site will no longer be maintained after v21.02, please update your bookmarks.
The reverse proxy can support cross-origin resource sharing with CORS aware clients.
Each defined policy must at a minimum contain:
This entry is an array and can be used to specify multiple CORS policies.
The following table(s) describe the configuration properties for this component:
|paths||array[string]||The paths for which this CORS policy will be applied. This entry is an array and can be used to specify multiple paths.
|host||string||The host (obtained from the host header in the request) for which this CORS policy will be applied. If no host header is specified all hosts will be matched.
|name||string||The name which is associated with this CORS policy.
|method||string||The HTTP method for which this CORS policy will be applied.
The definition of the CORS policy.
|Maximum time (in seconds) a client should cache the results of a pre-flight request. A value of -1 indicates to clients that they should not cache, 0 indicates that clients may cache at their own discretion. Only valid if handle_pre_flight is set to true.
|The reverse proxy can respond to pre-flight requests using the information from this policy. If set to false, pre-flight requests will be forwarded to the protected application.
|allow_headers||array[string]||Headers that are indicated as allowed in responses to pre-flight requests. Specifying no allow_header entries will indicate to clients that all headers are permitted. Not case-sensitive. Only valid if handle_pre_flight is set to true.
|allow_methods||array[string]||Methods that are indicated as allowed in responses to pre-flight requests. Specifying no allow_method entries will indicate to clients that all methods are permitted. Case-sensitive. Only valid if handle_pre_flight is set to true.
|expose_headers||array[string]||Indicates to clients which headers they expose from the response.
|allow_origins||array[string]||A list of origins which are permitted to make cross-origin requests. To allow cross-origin requests from any origin, add a single entry '*'.
|Indicates to clients that authentication is required when accessing this resource.
policies: cors: - name: cors_policy_A host: www.test.com paths: - "/test" - "/development" method: GET policy: allow_origins: - www.test.com - www.example.com handle_pre_flight: true allow_headers: - test_header - test_header2 max_age: 600 allow_methods: - update - create allow_credentials: true expose_headers: - test_header - test_header2