Skip to content


Properties concerning cross-origin resource sharing:

keytypedescriptiondefault value
allowed_originsstring / comma separated listConfigures the Access-Control-Allow-Origins CORS header. * for all origins*
allowed_headersstring / comma separated listConfigures the Access-Control-Allow-Headers CORS header. * for all headers sContent-Type, X-Requested-With, accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
preflight_max_ageintDuration in seconds. Specifies how long the OPTIONS response is cached by browsers600