• Home
• org.apache.pekko
• pekko-http-cors_2.12
• 1.1.0-M1
• source code

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

kko.pekko-http-cors_2.12.1.1.0-M1.source-code.reference.conf Maven / Gradle / Ivy

# SPDX-License-Identifier: Apache-2.0

########################################
# pekko-http-cors Reference Config File #
########################################

# This is the reference config file that contains all the default settings.
# Make your edits/overrides in your application.conf.

pekko.http.cors {

  # If enabled, allow generic requests (that are outside the scope of the specification)
  # to pass through the directive. Else, strict CORS filtering is applied and any
  # invalid request will be rejected.
  allow-generic-http-requests = yes

  # Indicates whether the resource supports user credentials.  If enabled, the header
  # `Access-Control-Allow-Credentials` is set in the response, indicating that the
  # actual request can include user credentials. Examples of user credentials are:
  # cookies, HTTP authentication or client-side certificates.
  allow-credentials = yes

  # List of origins that the CORS filter must allow. Can also be set to `*` to allow
  # access to the resource from any origin. Controls the content of the
  # `Access-Control-Allow-Origin` response header: if parameter is `*` and credentials
  # are not allowed, a `*` is set in `Access-Control-Allow-Origin`. Otherwise, the
  # origins given in the `Origin` request header are echoed.
  #
  # Hostname starting with `*.` will match any sub-domain.
  # The scheme and the port are always strictly matched.
  #
  # The actual or preflight request is rejected if any of the origins from the request
  # is not allowed.
  allowed-origins = "*"

  # List of request headers that can be used when making an actual request. Controls
  # the content of the `Access-Control-Allow-Headers` header in a preflight response:
  # if parameter is `*`, the headers from `Access-Control-Request-Headers` are echoed.
  # Otherwise the parameter list is returned as part of the header.
  allowed-headers = "*"

  # List of methods that can be used when making an actual request. The list is
  # returned as part of the `Access-Control-Allow-Methods` preflight response header.
  #
  # The preflight request will be rejected if the `Access-Control-Request-Method`
  # header's method is not part of the list.
  allowed-methods = ["GET", "POST", "HEAD", "OPTIONS"]

  # List of headers (other than simple response headers) that browsers are allowed to access.
  # If not empty, this list is returned as part of the `Access-Control-Expose-Headers`
  # header in the actual response.
  exposed-headers = []

  # When set, the amount of seconds the browser is allowed to cache the results of a preflight request.
  # This value is returned as part of the `Access-Control-Max-Age` preflight response header.
  # If `null`, the header is not added to the preflight response.
  max-age = 1800 seconds
}