CORS

The Cross-Origin Resource Sharing (CORS) mechanism supports secure cross-domain requests and data transfers between browsers and web servers. The CORS standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information.

This policy uses CORS support that uses additional HTTP headers to let a client or an application gain permission to access selected resources. An application or a client makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current request originated.

Parameter	Description
Allowed Origins	Specifies the origin from which the responses originating are allowed. syntax for the origin: scheme://host:port You can have multiple origins and you can also provide Regular expressions for allowed origins. Allowed origins of applications registered with this API are also allowed to access this API.
Max Age	Specifies the age for which the preflight response is valid.
Allowed Methods	Specifies the methods that are allowed in the request. Specify one or more of the following: GET, POST, PUT, DELETE, and PATCH.
Allow Headers	Specifies the Headers that are allowed in the request. You can have multiple headers that are to be allowed.
Allow Credentials	Specifies whether the request credentials could be exposed to the user on request failure.
Expose Headers	Specifies the headers that be exposed to the user on request failure. You can have multiple headers that are to be allowed.