Skip to content

config properties server properties public properties cors

GitHub Action edited this page Aug 28, 2024 · 6 revisions

Version

v1.0.2

cors Type

object (cors)

cors Properties

Property Type Required Nullable Defined by
allow_origins array Optional cannot be null Config
unsafe_wildcard_origin_allowed boolean Optional cannot be null Config

allow_origins

allow_origins determines the value of the Access-Control-Allow-Origin response header. This header defines a list of origins that may access the resource.

The wildcard characters * and ? are supported and are converted to regex fragments .* and . accordingly.

allow_origins

  • is optional

  • cannot be null

allow_origins Type

string[]

allow_origins Default Value

The default value is:

[
  "http://localhost:8888"
]

unsafe_wildcard_origin_allowed

unsafe_wildcard_origin_allowed allows a wildcard * origin to be used with AllowCredentials flag. In that case we consider any origin allowed and send it back to the client in an Access-Control-Allow-Origin header.

This is INSECURE and potentially leads to cross-origin attacks. See also https://github.com/labstack/echo/issues/2400 for discussion on the subject.

Optional. Default value is false.

unsafe_wildcard_origin_allowed

  • is optional

  • cannot be null

unsafe_wildcard_origin_allowed Type

boolean (unsafe_wildcard_origin_allowed)

Clone this wiki locally