Skip to content

Athena::Framework::Bundle::Schema::Cors::Defaults#

CORS defaults that affect all routes globally.

Configuration Properties

allow_credentials#

type:

Bool

default:

false

Indicates whether the request can be made using credentials.

Maps to the access-control-allow-credentials header.


allow_origin#

type:

Array(String | Regex)

default:

[] of String | Regex

A white-listed array of valid origins. Each origin may be a static String, or a Regex.

Can be set to ["*"] to allow any origin.


allow_headers#

type:

Array(String)

default:

[] of String

The header or headers that can be used when making the actual request.

Can be set to ["*"] to allow any headers.

maps to the access-control-allow-headers header.


expose_headers#

type:

Array(String)

default:

[] of String

Array of headers that the browser is allowed to read from the response.

Maps to the access-control-expose-headers header.


allow_methods#

type:

Array(String)

The method(s) allowed when accessing the resource.

Maps to the access-control-allow-methods header. Defaults to the CORS-safelisted methods.


max_age#

type:

Int32

default:

0

Number of seconds that the results of a preflight request can be cached.

Maps to the access-control-max-age header.