doc-exports/docs/apig/umn/apig-ug-0002.html
Chen, Junjie 91c429e341 APIG UMN 20230331 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2023-06-01 08:59:08 +00:00

<a name="apig-ug-0002"></a>
<h1 class="topictitle1">CORS Plug-in</h1>
<div id="body0000001151387425"><p id="apig-ug-0002__en-us_topic_0000001151387425_p12613144317317">For security purposes, browsers restrict cross-domain requests initiated from page scripts, so by default a page can access only the resources from its current domain. CORS allows the browser to send an XMLHttpRequest to a server in a different domain. For more information, see <a href="apig-en-ug-180621094.html">CORS</a>.</p>
<p id="apig-ug-0002__en-us_topic_0000001151387425_p1561384320314">The CORS plug-in lets you specify preflight request headers and response headers, and automatically creates preflight request APIs for cross-origin API access.</p>
<div class="note" id="apig-ug-0002__en-us_topic_0000001151387425_note4473101013417"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="apig-ug-0002__en-us_topic_0000001151387425_p8473610747">If your gateway does not support the CORS plug-in, contact customer service to upgrade the gateway.</p>
</div></div>
<div class="section" id="apig-ug-0002__en-us_topic_0000001151387425_section11211861613"><h4 class="sectiontitle">Usage Guidelines</h4><ul id="apig-ug-0002__en-us_topic_0000001151387425_ul31302019166"><li id="apig-ug-0002__en-us_topic_0000001151387425_li14143201167">You have understood the <a href="apig-ug-0004.html#apig-ug-0004__en-us_topic_0000001151883501_section126118109015">Guidelines for Using Plug-ins</a>.</li><li id="apig-ug-0002__en-us_topic_0000001151387425_li62841536241">APIs with the same request path in an API group can only be bound with the same CORS plug-in.</li><li id="apig-ug-0002__en-us_topic_0000001151387425_li969625513412">If you have enabled CORS for an API and have also bound the CORS plug-in to the API, the CORS plug-in will be used.</li><li id="apig-ug-0002__en-us_topic_0000001151387425_li19165811654">You cannot bind the CORS plug-in to APIs with the same request path as another API that uses the OPTIONS method.</li><li id="apig-ug-0002__en-us_topic_0000001151387425_li36451281510">When you <a href="apig-ug-0004.html#apig-ug-0004__en-us_topic_0000001151883501_section020918935713">bind a plug-in to an API</a>, ensure that the request method of the API is included in <strong id="apig-ug-0002__en-us_topic_0000001151387425_b114781231191913">allow_methods</strong>.</li></ul>
</div>
<div class="section" id="apig-ug-0002__en-us_topic_0000001151387425_section186251949115710"><h4 class="sectiontitle">Configuration Parameters</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="apig-ug-0002__en-us_topic_0000001151387425_table646224343118" width="100%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration parameters</caption><thead align="left"><tr id="apig-ug-0002__en-us_topic_0000001151387425_row164629433314"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.5.2.2.3.1.1"><p id="apig-ug-0002__en-us_topic_0000001151387425_p164621143103120">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.5.2.2.3.1.2"><p id="apig-ug-0002__en-us_topic_0000001151387425_p6462184333111">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="apig-ug-0002__en-us_topic_0000001151387425_row10359232194018"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.2.3.1.1 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p6871171617718">allowed origins</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.2.3.1.2 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p1887191614715"><strong id="apig-ug-0002__en-us_topic_0000001151387425_b139112462515">Access-Control-Allow-Origin</strong> response header, which specifies either a single origin, telling browsers to allow that origin to access the API, or, for requests without credentials, the "*" wildcard, telling browsers to allow any origin to access the API. Separate multiple URIs using commas.</p>
</td>
</tr>
<tr id="apig-ug-0002__en-us_topic_0000001151387425_row131816449401"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.2.3.1.1 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p187171611717">allowed methods</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.2.3.1.2 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p138710169720"><strong id="apig-ug-0002__en-us_topic_0000001151387425_b117615523283">Access-Control-Allow-Methods</strong> response header, which specifies the HTTP methods allowed when accessing the API. Separate multiple methods using commas.</p>
</td>
</tr>
<tr id="apig-ug-0002__en-us_topic_0000001151387425_row1227694834019"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.2.3.1.1 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p2087112161375">allowed headers</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.2.3.1.2 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p8871916376"><strong id="apig-ug-0002__en-us_topic_0000001151387425_b20406124542915">Access-Control-Allow-Headers</strong> response header, which specifies request headers that can be used when making an XMLHttpRequest. Separate multiple headers using commas.</p>
<p id="apig-ug-0002__en-us_topic_0000001151387425_p2871816975">By default, simple request headers <strong id="apig-ug-0002__en-us_topic_0000001151387425_b19414155213010">Accept</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b736635503016">Accept-Language</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b747295803020">Content-Language</strong>, and <strong id="apig-ug-0002__en-us_topic_0000001151387425_b9630204113116">Content-Type</strong> (only if the value is <strong id="apig-ug-0002__en-us_topic_0000001151387425_b14288181463115">application/x-www-form-urlencoded</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b119171619123112">multipart/form-data</strong>, or <strong id="apig-ug-0002__en-us_topic_0000001151387425_b1673392493110">text/plain</strong>) are carried in requests. You do not need to configure these headers in this parameter.</p>
<div class="note" id="apig-ug-0002__note226018142498"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="apig-ug-0002__ul790220521580"><li id="apig-ug-0002__li181861329141310">When you create a CORS plug-in, no allowed headers are configured by default, which means cross-domain requests cannot carry any custom headers.</li><li id="apig-ug-0002__li1790317523581">Setting <strong id="apig-ug-0002__b179359354543">Allowed Headers</strong> to an asterisk (*) means cross-domain requests can carry any custom headers.</li></ul>
</div></div>
</td>
</tr>
<tr id="apig-ug-0002__en-us_topic_0000001151387425_row11823115024017"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.2.3.1.1 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p1987118164715">exposed headers</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.2.3.1.2 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p9871416674"><strong id="apig-ug-0002__en-us_topic_0000001151387425_b1277872915323">Access-Control-Expose-Headers</strong> response header, which specifies the response headers that can be contained in the response of an XMLHttpRequest. Separate multiple headers using commas.</p>
<p id="apig-ug-0002__en-us_topic_0000001151387425_p1787181620719">By default, basic response headers <strong id="apig-ug-0002__en-us_topic_0000001151387425_b14970111793712">Cache-Control</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b120719213371">Content-Language</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b1660252333718">Content-Type</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b1349522533711">Expires</strong>, <strong id="apig-ug-0002__en-us_topic_0000001151387425_b194051281375">Last-Modified</strong>, and <strong id="apig-ug-0002__en-us_topic_0000001151387425_b15864123263712">Pragma</strong> can be contained in the response. You do not need to configure these headers in this parameter.</p>
<div class="note" id="apig-ug-0002__note125366456599"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="apig-ug-0002__ul25377455591"><li id="apig-ug-0002__li4537545125916">When you create a CORS plug-in, no exposed headers are configured by default, which means the JavaScript code of a browser cannot parse the headers in a cross-domain access response. The exception is the following basic response headers, which can still be obtained using the getResponseHeader() method of the XMLHttpRequest object: <strong id="apig-ug-0002__b17514174112915">Cache-Control</strong>, <strong id="apig-ug-0002__b774012435917">Content-Language</strong>, <strong id="apig-ug-0002__b2141845594">Content-Type</strong>, <strong id="apig-ug-0002__b254815461495">Expires</strong>, <strong id="apig-ug-0002__b1397417476918">Last-Modified</strong>, and <strong id="apig-ug-0002__b18675184919916">Pragma</strong>.</li><li id="apig-ug-0002__li1653711456599">Setting <strong id="apig-ug-0002__b23125414316">Exposed Headers</strong> to an asterisk (*) means the JavaScript code of a browser can parse all the headers in a cross-domain access response.</li></ul>
</div></div>
</td>
</tr>
<tr id="apig-ug-0002__en-us_topic_0000001151387425_row12713546408"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.2.3.1.1 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p38711016471">maximum age</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.2.3.1.2 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p687121613720"><strong id="apig-ug-0002__en-us_topic_0000001151387425_b138962582374">Access-Control-Max-Age</strong> response header, which specifies for how many seconds the results of a preflight request can be cached. No more preflight requests will be sent within the specified period.</p>
</td>
</tr>
<tr id="apig-ug-0002__en-us_topic_0000001151387425_row1111216094113"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.2.2.3.1.1 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p2871416777">allowed credentials</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.2.2.3.1.2 "><p id="apig-ug-0002__en-us_topic_0000001151387425_p28719161715"><strong id="apig-ug-0002__en-us_topic_0000001151387425_b148861946203816">Access-Control-Allow-Credentials</strong> response header, which specifies whether XMLHttpRequest requests can carry cookies.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="apig-ug-0002__en-us_topic_0000001151387425_section116861854278"><h4 class="sectiontitle">Example Script</h4><pre class="screen" id="apig-ug-0002__en-us_topic_0000001151387425_screen1262135819717">{
"allow_origin": "*",
"allow_methods": "GET,POST,PUT",
"allow_headers": "Content-Type,Accept,Accept-Ranges,Cache-Control",
"expose_headers": "X-Request-Id,X-Apig-Latency",
"max_age": 172800,
"allow_credentials": true
}</pre>
</div>
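<p>The rules in the usage guidelines and the parameter table can be checked before a policy is bound to an API. The following is an added example, not part of the original documentation or of APIG itself: it lints a plug-in policy using the field names from the Example Script, and <code>lintCorsPolicy</code>, its finding codes and the domain <code>app.example.com</code> are hypothetical. Run against the Example Script, it flags the "*" origin combined with credentials, a combination the parameter table reserves for requests without credentials and that browsers reject for credentialed requests.</p>

```javascript
// Added example: lint an APIG CORS plug-in policy against the rules stated on this page.
// Field names come from the page's Example Script; lintCorsPolicy and the finding codes
// are hypothetical. Content-Type is left out below: it is simple only for three values.
const SIMPLE_REQUEST_HEADERS = ["accept", "accept-language", "content-language"];
const BASIC_RESPONSE_HEADERS = ["cache-control", "content-language", "content-type",
  "expires", "last-modified", "pragma"];
// Split a comma-separated plug-in value into trimmed, non-empty items.
function splitList(value) {
  return String(value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

function lintCorsPolicy(policy, apiMethod) {
  const findings = [];
  const origins = splitList(policy.allow_origin);
  const methods = splitList(policy.allow_methods).map((m) => m.toUpperCase());
  const allowHeaders = splitList(policy.allow_headers).map((h) => h.toLowerCase());
  const exposeHeaders = splitList(policy.expose_headers).map((h) => h.toLowerCase());

  // The "*" origin is only for requests without credentials.
  if (origins.includes("*") && policy.allow_credentials === true) {
    findings.push("WILDCARD_ORIGIN_WITH_CREDENTIALS");
  }
  // The bound API's request method must be listed in allow_methods.
  if (apiMethod && !methods.includes(apiMethod.toUpperCase())) {
    findings.push("API_METHOD_NOT_ALLOWED");
  }
  // "*" admits any custom request header / exposes every response header to scripts.
  if (allowHeaders.includes("*")) findings.push("WILDCARD_ALLOW_HEADERS");
  if (exposeHeaders.includes("*")) findings.push("WILDCARD_EXPOSE_HEADERS");
  // Headers the page says do not need to be configured.
  if (allowHeaders.some((h) => SIMPLE_REQUEST_HEADERS.includes(h))) {
    findings.push("REDUNDANT_ALLOW_HEADER");
  }
  if (exposeHeaders.some((h) => BASIC_RESPONSE_HEADERS.includes(h))) {
    findings.push("REDUNDANT_EXPOSE_HEADER");
  }
  return findings;
}

// The page's Example Script, used as the input under test.
const pageExample = {
  allow_origin: "*", allow_methods: "GET,POST,PUT",
  allow_headers: "Content-Type,Accept,Accept-Ranges,Cache-Control",
  expose_headers: "X-Request-Id,X-Apig-Latency",
  max_age: 172800, allow_credentials: true,
};
// Constructed variant: one explicit origin (placeholder domain), credentials kept.
const pinned = { ...pageExample, allow_origin: "https://app.example.com" };
console.log(lintCorsPolicy(pageExample, "DELETE"), lintCorsPolicy(pinned, "GET"));
```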
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="apig-ug-0001.html">Plug-ins</a></div>
</div>
</div>