CORS
object CORS
Implements the CORS protocol. The actual middleware is a CORSPolicy, which can be obtained via policy.
- See also
class Object
trait Matchable
class Any
Value members
Deprecated methods
@deprecated("The default `CORSConfig` is insecure. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.", "0.21.27")
- Deprecated
@deprecated("Depends on a deficient `CORSConfig`. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6. If config.anyOrigin is true and config.allowCredentials is true, then the `Access-Control-Allow-Credentials` header will be suppressed starting with 0.22.3.", "0.21.27") @nowarn("cat=deprecation")
CORS middleware This middleware provides clients with CORS information based on information in CORS config. Currently, you cannot make permissions depend on request details
CORS middleware This middleware provides clients with CORS information based on information in CORS config. Currently, you cannot make permissions depend on request details
- Deprecated
@deprecated("Hardcoded to an insecure config. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.", "0.21.27")
- Deprecated
Concrete fields
The default CORS policy:
The default CORS policy:
- Sends
Access-Control-Allow-Origin: *
- Sends no
Access-Control-Allow-Credentials
- Sends no
Access-Control-Expose-Headers
- Sends
Access-Control-Allow-Methods: GET, HEAD, POST
- Reflects request's
Access-Control-Request-Headers
asAccess-Control-Allow-Headers
- Sends no
Access-Control-Max-Age