Microgateway 10.5 | webMethods Microgateway Help | Policies | Response Processing | CORS
 
CORS
The Cross-Origin Resource Sharing (CORS) mechanism supports secure cross-domain requests and data transfers between browsers and web servers. The CORS standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information.
This policy uses CORS support that uses additional HTTP headers to let a client or an application gain permission to access selected resources. An application or a client makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current request originated.
The table lists the CORS response specifications that are supported for this policy in Microgateway:
Parameter
Description
Allowed Origins
Specifies the origin from which the responses originating are allowed.
syntax for the origin: scheme://host:port
You can have multiple origins and you can also provide Regular expressions for allowed origins.
Allowed origins of applications registered with this API are also allowed to access this API.
Max Age
Specifies the age for which the preflight response is valid.
Allowed Methods
Specifies the methods that are allowed in the request.
Specify one or more of the following: GET, POST, PUT, DELETE, and PATCH.
Allow Headers
Specifies the Headers that are allowed in the request.
You can have multiple headers that are to be allowed.
Allow Credentials
Specifies whether the request credentials could be exposed to the user on request failure.
Expose Headers
Specifies the headers that be exposed to the user on request failure.
You can have multiple headers that are to be allowed.
A corresponding HTTP header is set for all the values above as per the specification. For additional information, see https://www.w3.org/TR/cors/.