Versions Compared

Old Version 4

changes.mady.by.user Mihai Bob

Saved on

compared with

New Version 5

changes.mady.by.user Mihai Bob

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If CORS is enabled and no other extra configuration added, then by default all origins, headers and method types are allowed. In order to restrict the CORS access refer to the next paragraphs.

...

Configure allowed origins

When a request is made to the server, the browsers adds the "Origin" header, example:

...

Code Block
blueriq.security.cors.allowed-origins=https://blueriq.com, https://my-custom-domain.nl

...

Configure allowed headers

As for allowed origins, the server can be configured to allow only some types of headers.

...

Note

Make sure to add all headers that are used by the webapplication If at least one headers is not specified in the property and the webapplication sends it, then the browser will block the request

...

Configure allowed methods

If only some headers must be allowed when a cross origin request is made, it can be specified in the properties file using the property "blueriq.security.cors.allowed-methods"

...