Sources |
Yes |
The sources from which you want to allow cross-origin requests. When you configure
the sources, take note of the following rules:
- You can configure multiple sources. Separate multiple sources with line feeds.
- The domain names must include the protocol name, such as HTTP or HTTPS.
- You can use the asterisk (*) as a wildcard character. Each source can contain up to
one asterisk (*).
- If a domain name does not use the default port, the domain name must contain the port
number. Example: https://www.example.com:8080.
The following examples show how to configure domain names:
- To match a specified domain name, enter the full domain name. Example: https://www.example.com.
- To match second-level domain names, use an asterisk (*) as the wildcard character
in the domain name. Example: https://*.example.com.
- To match all domain names, enter only an asterisk (*) as the wildcard character.
|
Allowed Methods |
Yes |
The methods that cross-origin requests are allowed to use. |
Allowed Headers |
No |
The response headers for the allowed cross-origin requests. When you configure the
headers, take note of the following rules:
- This parameter is in the key:value format and not case-sensitive. Example: content-type:text/plain.
- You can configure multiple response headers. Separate multiple response headers with
line feeds.
- Each response header can have only one asterisk (*) as the wildcard character. Set
this parameter to an asterisk (*) if you do not have special requirements.
|
Exposed Headers |
No |
The response headers for allowed access requests from applications, such as an XMLHttpRequest
object in JavaScript. Exposed headers cannot contain asterisks (*).
|
Cache Timeout (Seconds) |
No |
The period of time in which the browser can cache the response to an OPTIONS preflight
request for specific resources. Unit: seconds.
|
Vary: Origin |
No |
Specifies whether to return the Vary: Origin header.
If both CORS and non-CORS requests are sent at the same time, or if the Origin header
has multiple possible values, we recommend that you select the Vary: Origin header to avoid errors in the local cache.
Notice If Vary: Origin is selected, visits through the browser or the CDN back-to-origin requests may increase.
|