An HTTP filter that handles preflight (OPTIONS) requests and sets CORS response headers as described in the W3C CORS spec.
A Cross-Origin Resource Sharing policy.
A Cross-Origin Resource Sharing policy.
A Policy determines how CORS response headers are set in response to a request with CORS headers:
allowsOrigin is a function that takes the value specified in the Origin request header and optionally returns the value of Access-Control-Allow-Origin.
allowsMethods is a function that takes the value of the Access-Control-Request-Method preflight request header and optionally returns a list of methods to be set in the Access-Control-Allow-Methods response header.
allowsHeaders is a function that takes the values set in the Access-Control-Request-Headers preflight request header and returns the header names to be set in the Access-Control-Allow- Headers response header.
exposedHeaders is the list of header names to be set in the Access-Control-Expose-Headers response header (in response to non-preflight requests).
If supportsCredentials is true and allowsOrigin does not return '*', the Access-Control- Allow-Credentials resopnse header will be set to 'true'.
If maxAge is defined, its value (in seconds) will be set in the Access-Control-Max-Age response header.
A CORS policy that lets you do whatever you want.
A CORS policy that lets you do whatever you want. Don't use this in production.
Implements http://www.w3.org/TR/cors/