kko.pekko-http-cors_3.1.0.0.source-code.reference.conf Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pekko-http-cors_3 Show documentation
Show all versions of pekko-http-cors_3 Show documentation
Apache Pekko Http: Modern, fast, asynchronous, streaming-first HTTP server and client.
# SPDX-License-Identifier: Apache-2.0
########################################
# pekko-http-cors Reference Config File #
########################################
# This is the reference config file that contains all the default settings.
# Make your edits/overrides in your application.conf.
pekko.http.cors {
# If enabled, allow generic requests (that are outside the scope of the specification)
# to pass through the directive. Else, strict CORS filtering is applied and any
# invalid request will be rejected.
allow-generic-http-requests = yes
# Indicates whether the resource supports user credentials. If enabled, the header
# `Access-Control-Allow-Credentials` is set in the response, indicating that the
# actual request can include user credentials. Examples of user credentials are:
# cookies, HTTP authentication or client-side certificates.
allow-credentials = yes
# List of origins that the CORS filter must allow. Can also be set to `*` to allow
# access to the resource from any origin. Controls the content of the
# `Access-Control-Allow-Origin` response header: if parameter is `*` and credentials
# are not allowed, a `*` is set in `Access-Control-Allow-Origin`. Otherwise, the
# origins given in the `Origin` request header are echoed.
#
# Hostname starting with `*.` will match any sub-domain.
# The scheme and the port are always strictly matched.
#
# The actual or preflight request is rejected if any of the origins from the request
# is not allowed.
allowed-origins = "*"
# List of request headers that can be used when making an actual request. Controls
# the content of the `Access-Control-Allow-Headers` header in a preflight response:
# if parameter is `*`, the headers from `Access-Control-Request-Headers` are echoed.
# Otherwise the parameter list is returned as part of the header.
allowed-headers = "*"
# List of methods that can be used when making an actual request. The list is
# returned as part of the `Access-Control-Allow-Methods` preflight response header.
#
# The preflight request will be rejected if the `Access-Control-Request-Method`
# header's method is not part of the list.
allowed-methods = ["GET", "POST", "HEAD", "OPTIONS"]
# List of headers (other than simple response headers) that browsers are allowed to access.
# If not empty, this list is returned as part of the `Access-Control-Expose-Headers`
# header in the actual response.
exposed-headers = []
# When set, the amount of seconds the browser is allowed to cache the results of a preflight request.
# This value is returned as part of the `Access-Control-Max-Age` preflight response header.
# If `null`, the header is not added to the preflight response.
max-age = 1800 seconds
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy