allow-origin

The allow-origin entry specifies which origins presented by clients are permitted to make cross-origin requests to resources which this policy is applicable to.

Syntax

allow-origin = <origin>

Description

An origin which is permitted for this policy. This configuration entry may be specified multiple times to indicate multiple allowable origins. A value of '*' can be specified to indicate that requests are allowed from any origin.

When configured with an origin or list of origins, this configuration entry adds the following header to pre-flight requests:

Access-Control-Allow-Origin = <any value which matches the request's origin header>

When configured with '*', this configuration entry adds the following header to pre-flight requests:

Access-Control-Allow-Origin = <request's origin header>

This entry affects both pre-flight and cross-origin requests. This entry is used when validating cross-origin requests.

Options

origin: This entry should either be '*' or a complete origin including a scheme, hostname and optionally any port information.

Usage

This stanza entry is required.

You can specify multiple entries if needed.

The origin matching performed is case sensitive.

If an '*' entry is specified, all other allow-origin entries for this policy is ignored.

Default Value

None.

Example


allow-origin = https://isva.ibm.com
allow-origin = https://isva.ibm.com:9443
or
allow-origin = *