Sources |
Yes |
Specifies the sources from which you want to allow cross-origin requests. Note the
following rules when you configure the sources:
- You can configure multiple rules for sources. Separate multiple rules with new lines.
- The domain names must include the protocol name, such as HTTP or HTTPS.
- Asterisks (*) are supported as wildcards. Each rule can contain up to one asterisk
(*).
- A domain name must contain the port number if the domain name does not use the default
port. Example: https://www.example.com:8080.
The following examples show how to configure domain names:
- Enter the full domain name to match a specified domain name. Example: https://www.example.com.
- Use an asterisk (*) as a wildcard in the domain name to match second-level domain
names. Example: https://*.example.com.
- Enter only an asterisk (*) as the wildcard to match all domain names.
|
Allowed Methods |
Yes |
Specifies the cross-origin request methods that are allowed. |
Allowed Headers |
No |
Specifies the response headers for the allowed cross-origin requests. Note the following
rules when you configure the allowed headers:
- This parameter is in the key:value format and case-insensitive. Example: content-type:text/plain.
- You can configure multiple rules for allowed headers. Separate multiple rules with
new lines.
- Each rule can contain up to one asterisk (*) as the wildcard. Set this parameter to
an asterisk (*) if you do not have special requirements.
|
Exposed Headers |
No |
Specifies the response headers for allowed access requests from applications, such
as an XMLHttpRequest object in JavaScript. Exposed headers cannot contain asterisks
(*).
|
Cache Timeout (Seconds) |
No |
Specifies the time the browser caches the response for a prefetch (OPTIONS) request
for specific resources.
|
Vary: Origin |
No |
Selects whether to return the Vary: Origin header.
If both CORS and non-CORS requests are sent to OSS, or if the Origin header has multiple
possible values, we recommend that you configure the Vary: Origin header to avoid errors in the local cache.
Notice If Vary: Origin is selected, access through the browser or the CDN back-to-origin requests may increase.
|