Use the CORS policy to set the appropriate headers for requests coming from a different domain so that the response is not blocked by the browser. Restricting access to Tasks APIs based on the client's request origin/domain address is an extra layer of security for protecting your Snaplex nodes. The restriction also applies to the combination of allowed headers, request methods, or domains.
Note |
---|
CORS is a security feature enabled by the client browser. The CORS policy does not restrict request processing at the API Manager endpoint if the request comes from a different combination of origin, method, or headers; however, the request is blocked by the client browser. |
Info |
---|
Policy Execution Order: This policy is executed before all policies, early in request processing, and is required for pre-flight requests, which browsers issue to check the list of allowed headers and request methods by the API endpoint. |

Parameter Name | Description | Default Value | Example |
---|---|---|---|
Label | Required. The name for the API policy. | CORS Restriction | CORS_DevAPI_Project |
When this policy should be applied | An expression-enabled field that determines the condition to be fulfilled for the API policy to execute. | True | request.method == "POST" |
Access Control Request Methods | Allowed request methods. Supported methods are POST, PUT, GET, DELETE, OPTIONS, PATCH. | All methods selected. | GET, POST |
Access Control Request Headers | Required. List of allowed request headers apart from CORS safe headers. | N/A | X-Custom-Header |
Access Control Max Age | Time period for which the browser needs to cache the API endpoint for pre-flight requests. | 300 | 175 |
Access Control Allow Credentials | Allowed response headers if APIM endpoints add new headers as part of the response. | Enabled | Disabled |
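
The browser-side check that the note and the parameter table above describe, as an added example (not the product's own code): it models how a browser evaluates a pre-flight response built from the Example column. The origin `https://app.example.com`, the function name `preflightDecision`, and the `policyResponse` object are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser-side pre-flight decision.
// Not modelled: "*" in allow-methods/allow-headers and Content-Type value rules.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]); // CORS-safelisted methods
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// request: { origin, method, headers: [names], credentials: bool }
// res: pre-flight (OPTIONS) response headers keyed by lower-case name
function preflightDecision(request, res) {
  const allowOrigin = res["access-control-allow-origin"];
  const withCreds = request.credentials === true;
  const method = request.method.toUpperCase();

  // A wildcard origin is only honoured for requests without credentials.
  if (allowOrigin !== request.origin && !(allowOrigin === "*" && !withCreds)) {
    return { allowed: false, reason: "origin" };
  }
  if (withCreds && res["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "credentials" };
  }
  const methods = new Set(list(res["access-control-allow-methods"]).map((m) => m.toUpperCase()));
  if (!SAFE_METHODS.has(method) && !methods.has(method)) {
    return { allowed: false, reason: "method" };
  }
  const allowed = new Set(list(res["access-control-allow-headers"]).map((h) => h.toLowerCase()));
  for (const h of request.headers.map((x) => x.toLowerCase())) {
    if (!SAFE_HEADERS.has(h) && !allowed.has(h)) {
      return { allowed: false, reason: `header:${h}` };
    }
  }
  // Access-Control-Max-Age: how long the browser may reuse this decision.
  const maxAge = Number.parseInt(res["access-control-max-age"] || "0", 10);
  return { allowed: true, cacheSeconds: maxAge };
}

// Constructed pre-flight response mirroring the Example column:
// methods GET, POST; header X-Custom-Header; max age 175; credentials disabled.
const policyResponse = {
  "access-control-allow-origin": "https://app.example.com", // assumed origin
  "access-control-allow-methods": "GET, POST",
  "access-control-allow-headers": "X-Custom-Header",
  "access-control-max-age": "175",
};

const page = { origin: "https://app.example.com", headers: ["X-Custom-Header"] };
console.log(preflightDecision({ ...page, method: "POST" }, policyResponse));
console.log(preflightDecision({ ...page, method: "PUT" }, policyResponse));
```

The decision runs entirely in the browser, so a client that skips it is not constrained by these headers; that is the behaviour the note above describes.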