All Products
Search
Document Center

API Gateway:CORS

Last Updated:May 27, 2020

Plug-in configurations

You can configure CORS plug-ins in the JSON or YAML format as these two formats use the same schema. You can use the yaml to json tool to convert the configuration format of a CORS plug-in. The following table describes a plug-in configuration template in the YAML format.

  1. ---
  2. allowOrigins: api.foo.com,api2.foo.com # The allowed origins. Separate multiple origins by commas (,). Default value: *.
  3. AllowMethods: GET, POST, PUT#The allowed HTTP methods. Separate multiple methods by commas (,).
  4. allowHeaders: X-Ca-RequestId # The allowed request headers. Separate multiple request headers by commas (,).
  5. exposeHeaders: X-RC1,X-RC2 # The headers that can be exposed to XMLHttpRequest objects. Separate multiple headers by commas (,).
  6. allowCredentials: true # Constrols whether cookies are allowed.
  7. maxAge: 172800