- Companion:
- object
Value members
Concrete methods
Allows CORS requests with any headers.
Allows CORS requests with any headers.
Sets the Access-Control-Allow-Headers
response header to *
Allows CORS requests using any method.
Allows CORS requests using any method.
Sets the Access-Control-Allow-Methods
response header to *
Allows CORS requests from any origin.
Allows CORS requests from any origin.
Sets the Access-Control-Allow-Origin
response header to *
.
Allows credentialed requests by setting the Access-Control-Allow-Credentials
response header to true
Allows credentialed requests by setting the Access-Control-Allow-Credentials
response header to true
Allows CORS requests using specific headers.
Allows CORS requests using specific headers.
If the preflight request's Access-Control-Request-Headers
header requests one of the specified headers
, the
Access-Control-Allow-Headers
response header is set to a comma-separated list of the given headers
. Otherwise the
Access-Control-Allow-Headers
response header is suppressed.
Allows CORS requests using specific methods.
Allows CORS requests using specific methods.
If the preflight request's Access-Control-Request-Method
header requests one of the specified methods
, the
Access-Control-Allow-Methods
response header is set to a comma-separated list of the given methods
. Otherwise the
Access-Control-Allow-Methods
response header is suppressed.
Allows CORS requests only from a specific origin.
Allows CORS requests only from a specific origin.
If the request Origin
matches the given origin
, sets the Access-Control-Allow-Origin
response header to the given origin
.
Otherwise the Access-Control-Allow-Origin
response header is suppressed..
Determines how long the response to a preflight request can be cached by the client.
Determines how long the response to a preflight request can be cached by the client.
Suppresses the Access-Control-Max-Age
response header, which makes the client use its default value.
Sets the response status code of successful preflight requests to "204 No Content"
Sets the response status code of successful preflight requests to "204 No Content"
Blocks credentialed requests by suppressing the Access-Control-Allow-Credentials
response header
Blocks credentialed requests by suppressing the Access-Control-Allow-Credentials
response header
Exposes all response headers to JavaScript in browsers
Exposes all response headers to JavaScript in browsers
Sets the Access-Control-Expose-Headers
response header to *
Exposes specific response headers to JavaScript in browsers
Exposes specific response headers to JavaScript in browsers
Sets the Access-Control-Expose-Headers
response header to a comma-separated list of the given headerNames
Exposes no response headers to JavaScript in browsers
Exposes no response headers to JavaScript in browsers
Suppresses the Access-Control-Expose-Headers
response header
Determines how long the response to a preflight request can be cached by the client.
Determines how long the response to a preflight request can be cached by the client.
Sets the Access-Control-Max-Age
response header to the given duration
in seconds.
Sets the response status code of successful preflight requests to the given statusCode
Sets the response status code of successful preflight requests to the given statusCode
Allows CORS requests using any headers requested in preflight request's Access-Control-Request-Headers
header.
Allows CORS requests using any headers requested in preflight request's Access-Control-Request-Headers
header.
Use reflectHeaders instead of allowAllHeaders when credentialed requests are enabled with allowCredentials, since wildcards are illegal when credentials are enabled