If the list of exposed headers is not empty add one or more Access-Control-Expose- Headers headers, with as values the header field names given in the list of exposed headers.
If the list of exposed headers is not empty add one or more Access-Control-Expose- Headers headers, with as values the header field names given in the list of exposed headers.
By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.
Fully handle preflight requests.
Fully handle preflight requests. If a preflight request is deemed to be unacceptable, a 200 OK response is served without CORS headers.
Adds CORS response headers onto all non-preflight requests that have the 'Origin' header set to a value that is allowed by the Policy.
Let header field-names be the values as result of parsing the Access-Control-Request-Headers headers.
Let header field-names be the values as result of parsing the Access-Control-Request-Headers headers. If there are no Access-Control-Request-Headers headers let header field-names be the empty list.
Let method be the value as result of parsing the Access-Control-Request-Method header.
Let method be the value as result of parsing the Access-Control-Request-Method header.
https://www.w3.org/TR/cors/#resource-preflight-requests
https://www.w3.org/TR/cors/#resource-preflight-requests
https://www.w3.org/TR/cors/#resource-requests
https://www.w3.org/TR/cors/#resource-requests
Resources that wish to enable themselves to be shared with multiple Origins but do not respond uniformly with "*" must in practice generate the Access-Control-Allow-Origin header dynamically in response to every request they wish to allow.
Resources that wish to enable themselves to be shared with multiple Origins but do not respond uniformly with "*" must in practice generate the Access-Control-Allow-Origin header dynamically in response to every request they wish to allow. As a consequence, authors of such resources should send a Vary: Origin HTTP header or provide other appropriate control directives to prevent caching of such responses, which may be inaccurate if re-used across- origins.
An HTTP filter that handles preflight (OPTIONS) requests and sets CORS response headers as described in the W3C CORS spec.