Skip to main content

CORS Plugin Reference

FieldTypeDefaultOptionalLimitationsDescription
Access-Control-Allow-Originarray["*"]Yes1 <= Number of items <= 256.Allowed origins, format: scheme://host:port,
i.e https://somehost.com:8081.
Access-Control-Allow-Headersarray["*"]Yes1 <= Number of items <= 256.Which headers are allowed to set in request when access cross-origin resource.
Access-Control-Allow-Methodsarray["*"]Yes1 <= Number of items <= 9.Which methods are allowed, i.e. GET, POST.
Access-Control-Expose-Headersarray["*"]Yes1 <= Number of items <= 256.Which headers are allowed to set in response when access cross-origin resource.
Access-Control-Allow-CredentialsbooleanfalseYesOther fields cannot be "*" if this option is trueEnable request include credentials (such as Cookie etc.).
Access-Control-Max-Ageinteger5Yes-Maximum number of seconds the results can be cached. Within this time range, the browser will reuse the last check result.
-1 means no cache. Please note that the maximum value is depended on browser, please refer to MDN for details.
API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud
API7 Enterprise
API Portal
Roadmap

Open Source

Apache APISIX
K8s Ingress Controller
wasm-nginx-module
Contributor Graph

Resources

Blog
Documentation
NGINX + Lua
APISIX vs Kong
APISIX vs NGINX

Company

About
Contact
Careers
Handbook
Partners
Terms & Privacy
SOC2 Type IRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation