Configuring a CORS rule

A CORS rule specifies how CORS requests are handled.

About this task

To configure a CORS rule, provide the following settings.
  • One or more values for the Origin header that are accepted for cross-origin requests. The value must be a literal string that includes the scheme and the host.
  • Whether to return the Access-Control-Allow-Credentials: true header.
  • Whether to append one or more of the following values to the Access-Control-Expose-Headers response header value.
    • The predefined value of the gateway.
    • The value of Access-Control-Expose-Headers from the backend response.
    • A custom string.

Procedure

  1. In the search field, enter cors.
  2. From the search results, click CORS rule.
  3. Click Add.
  4. Define the basic properties - Name, administrative state, and comments.
  5. Specify the Origin header values to allow.
  6. Specify whether to return the Access-Control-Allow-Credentials: true header.
  7. Specify whether to append values to the Access-Control-Expose-Headers response header value.
    1. Specify whether to append the predefined value of the gateway.
    2. Specify whether to append the value from the server response.
    3. Optional: Specify a custom string.
  8. Click Save to save changes to the persisted configuration.