-
Notifications
You must be signed in to change notification settings - Fork 938
config properties server properties admin properties cors
v1.3.0
object
(cors)
Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
allow_origins | array |
Optional | cannot be null | Config |
unsafe_wildcard_origin_allowed | boolean |
Optional | cannot be null | Config |
allow_origins
determines the value of the Access-Control-Allow-Origin
response header. This header defines a list of origins
that may access the resource.
The wildcard characters *
and ?
are supported and are converted to regex fragments .*
and .
accordingly.
allow_origins
-
is optional
-
cannot be null
string[]
The default value is:
[
"http://localhost:8888"
]
unsafe_wildcard_origin_allowed
allows a wildcard *
origin to be used with AllowCredentials
flag. In that case we consider any origin allowed and send it back to the client in an Access-Control-Allow-Origin
header.
This is INSECURE and potentially leads to cross-origin attacks. See also https://github.com/labstack/echo/issues/2400 for discussion on the subject.
Optional. Default value is false
.
unsafe_wildcard_origin_allowed
-
is optional
-
cannot be null
boolean
(unsafe_wildcard_origin_allowed)