Skip to content

Home

Development

IDEs

JAR services

API Explorer

CORS

CORS or Cross-origin resource sharing permits restricted resources to be requested from another domain outside the domain from which the resource was served.

Configuring CORS

Configuring CORS

Access-Control-Allow-Origin

Represents a collection of allowed origins.

Example: https://example.com, *, https://*, http://*

Access-Control-Allow-Header

Represents a collection of allowed headers.

Example: Authorization, x-toro-proxy-id, *

Access-Control-Expose-Header

Represents a collection of exposed headers.

Example: Content-Encoding, *

Access-Control-Allow-Credentials

Specifies whether credentials are included in the CORS request.

Default value: false

Access-Control-Max-Age

The number of seconds that the browser should cache preflight request results.

When value is -1 it will disable caching, requiring a preflight OPTIONS check for all calls.

Access-Control-Allow-Methods

Represents a collection of allowed HTTP methods.

Example: GET, POST