HCP Tenant Management Help
A CORS rules configuration uses the request header and elements described in the next tables. Some of the request elements are optional.
Request header for a CORS rules configuration
Request header | Description |
---|---|
Content-MD5
|
The base64-encoded 128-bit MD5 digest of the data. This header must be used as a message integrity check to verify that the request body was not corrupted in transit. For more information, see RFC 1864. |
Request elements for CORS rules configuration
Element |
Description |
---|---|
CORSConfiguration |
Container for CORSRules elements. •Type: Container •Children: CORSRules •Ancestor: None Note: A CORS rules configuration in HCP can have any number of CORSRule, AllowedMethod, AllowedOrigin, and AllowedHeader elements. However, the maximum size of the CORS configuration cannot exceed 2.5 MB. |
CORSRule |
A set of origins and methods that you want to allow to access a resource. •Type: Container •Children: AllowedMethod, AllowedOrigin, AllowedHeader, MaxAgeSeconds, ExposeHeader •Ancestor: CORSConfiguration |
Id |
Optional. A unique identifier for the rule. The Id value assists you in finding a rule in the CORS configuration. •Type: String •Ancestor: CORSRule |
AllowedMethod |
HTTP methods that you want to allow the origin to execute. Each CORSRule must identify at least one origin and one method. •Type: Enum (GET, PUT, HEAD, POST, DELETE) •Ancestor: CORSRule |
AllowedOrigin |
Origins that you want to allow cross-origin requests from. Each CORSRule must identify at least one origin and one method. The origin value can include at most one wildcard character "*", for example, http://*.example.com. Alternatively, you can specify thewildcard character by itself to enable all origins to send cross-origin requests. •Type: String •Ancestor: CORSRule |
AllowedHeader |
Optional. List of headers that are allowed in a preflight OPTIONS request through the Access-Control-Request-Headers header. This element can contain at most one wildcard character "*". Each header name in the Access-Control-Request-Headers header must have a corresponding entry in the CORSRule. The server will send only the allowed headers that were requested in a response. Type: String Ancestor: CORSRule For a list of common headers that can be used for S3 compatible API requests, see Common request headers. |
MaxAgeSeconds |
Optional. Maximum time, in seconds, that the browser can cache a preflight OPTIONS response for a specified resource. By caching the response, the browser does not have to send preflight requests to the server within the MaxAgeSeconds time window if repeated requests (same origin, HTTP method, and resource) are issued. A CORSRule can have at most one MaxAgeSeconds element. •Type: Integer (seconds) •Ancestor: CORSRule |
ExposeHeader |
Optional. One or more response headers that customers can access from their applications, for example, from a JavaScript XMLHttpRequest object. You add one ExposeHeader element in the rule for each header. This element restricts the response headers that are accessible by the client. •Type: String •Ancestor: CORSRule |
Trademarks and Legal Disclaimer
© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.