This topic describes plug-ins of the CORS type. For information about cross-origin resource sharing (CORS), see CORS.
You can configure a plug-in of the CORS type in the JSON or YAML format. The two formats have the same schema and can be converted to each other by using a conversion tool. The following code snippet is a YAML template for configuring a plug-in of the CORS type:
---allowOrigins: api.foo.com,api2.foo.com # The origins from which API requests are allowed. Default value: *. allowMethods: GET,POST,PUT # The HTTP methods that can be used to send API requests. Separate multiple methods with commas (,). allowHeaders: X-Ca-RequestId # The header fields that can be used in API requests. Separate multiple header fields with commas (,). exposeHeaders: X-RC1,X-RC2 # The header fields that can be exposed to the XMLHttpRequest object. Separate multiple header fields with commas (,). allowCredentials: true # Specifies whether to enable cookies. maxAge: 172800