This topic describes plug-ins of the CORS type. For information about cross-origin resource sharing (CORS), see CORS.

Configurations

You can configure a plug-in of the CORS type in the JSON or YAML format. The two formats have the same schema and can be converted to each other by using a conversion tool. The following code snippet is a YAML template for configuring a plug-in of the CORS type:
---allowOrigins: api.foo.com,api2.foo.com    # The origins from which API requests are allowed. Default value: *.
allowMethods: GET,POST,PUT                # The HTTP methods that can be used to send API requests. Separate multiple methods with commas (,).
allowHeaders: X-Ca-RequestId            # The header fields that can be used in API requests. Separate multiple header fields with commas (,).
exposeHeaders: X-RC1,X-RC2              # The header fields that can be exposed to the XMLHttpRequest object. Separate multiple header fields with commas (,).
allowCredentials: true                    # Specifies whether to enable cookies.
maxAge: 172800