Note: | The host name and IP address cannot be used interchangeably. If you specify a host name, and a cross-origin request is received that uses the corresponding IP address or vice versa, Integration Server will reject the request. |
If you want to... | Type... |
Specify values that Integration Server can include with the CORS Access-Control-Expose-Headers header in response to a CORS request. | watt.server.cors.exposedHeaders= <value1,value2,value3> Where value# is a response header that applications can access. Examine your client-side code to determine which response headers, if any, are retrieved by the client and therefore need to be exposed. |
Specify the host and port on which clients can send cross-origin requests to Integration Server. | watt.server.cors.host=<hostname>:<port> |
Specify the amount of time in seconds a user agent is allowed to cache the results of a preflight request. | watt.server.cors.maxAge= <number of seconds> |
Have Integration Server set the CORS Access-Control-Allow-Credentials header in response to all CORS requests. | watt.server.cors.supportsCredentials=true |
Specify the request headers Integration Server will allow in cross-origin requests. Integration Server includes these headers as the value of the Access-Control-Allow-Headers response header when replying to a pre-flight request. | watt.server.cors.supportedHeaders= <header1,header2,header3> Where header# is a header that a client can include in an actual request. Examine your server-side code to determine which request headers, if any, are read by your server application and need to be explicitly allowed. |
Specify the HTTP methods Integration Server will allow in cross-origin requests. | watt.server.cors.supportedMethods= <method1,method2,method3> Possible values are OPTIONS, HEAD, GET, POST, PUT, and DELETE. Integration Server accepts any of these values by default. |