A Policy determines how CORS response headers are set in response to a request with
CORS headers:
allowsOrigin is a function that takes the value specified in the Origin request header
and optionally returns the value of Access-Control-Allow-Origin.
allowsMethods is a function that takes the value of the Access-Control-Request-Method
preflight request header and optionally returns a list of methods to be set in the
Access-Control-Allow-Methods response header.
allowsHeaders is a function that takes the values set in the Access-Control-Request-Headers
preflight request header and returns the header names to be set in the Access-Control-Allow-
Headers response header.
exposedHeaders is the list of header names to be set in the Access-Control-Expose-Headers
response header (in response to non-preflight requests).
If supportsCredentials is true and allowsOrigin does not return '*', the Access-Control-
Allow-Credentials resopnse header will be set to 'true'.
If maxAge is defined, its value (in seconds) will be set in the Access-Control-Max-Age
response header.
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
A Cross-Origin Resource Sharing policy.
A Policy determines how CORS response headers are set in response to a request with CORS headers:
allowsOrigin is a function that takes the value specified in the Origin request header and optionally returns the value of Access-Control-Allow-Origin.
allowsMethods is a function that takes the value of the Access-Control-Request-Method preflight request header and optionally returns a list of methods to be set in the Access-Control-Allow-Methods response header.
allowsHeaders is a function that takes the values set in the Access-Control-Request-Headers preflight request header and returns the header names to be set in the Access-Control-Allow- Headers response header.
exposedHeaders is the list of header names to be set in the Access-Control-Expose-Headers response header (in response to non-preflight requests).
If supportsCredentials is true and allowsOrigin does not return '*', the Access-Control- Allow-Credentials resopnse header will be set to 'true'.
If maxAge is defined, its value (in seconds) will be set in the Access-Control-Max-Age response header.