Page History
...
If CORS is enabled and no other extra configuration added, then by default all origins, headers and method types are allowed. In order to restrict the CORS access refer to the next paragraphs.
...
Configure allowed origins
When a request is made to the server, the browsers adds the "Origin" header, example:
...
Code Block |
---|
blueriq.security.cors.allowed-origins=https://blueriq.com, https://my-custom-domain.nl |
...
Configure allowed headers
As for allowed origins, the server can be configured to allow only some types of headers.
...
Note |
---|
Make sure to add all headers that are used by the webapplication If at least one headers is not specified in the property and the webapplication sends it, then the browser will block the request |
...
Configure allowed methods
If only some headers must be allowed when a cross origin request is made, it can be specified in the properties file using the property "blueriq.security.cors.allowed-methods"
...