Get CORS Headers

Retrieves CORS Headers for website accleration domain.

Request

Request-Line

GET /cdn/v1.0/services/{serviceId}/corsHeaders HTTP/1.1

Request Parameters

Path Parameters

Parameter	Type	Required	Description
serviceId	Integer	Mandatory	Service ID.

Response

Response Body

Parameter	Type	Description
accessControlAllowOrigin	String	Response can be shared with requesting code from the given origin. Please note that null value is not allowed, it must be either '*' or 'scheme://fqdn'.
accessControlExposeHeaders	String	Headers can be exposed as part of the response by listing their names. This header accepts any string value. E.g. "Content-Length".
accessControlMaxAge	Integer	Maximum time in seconds that a CORS preflight response can be cached. Accepts non-negative integers or -1 (0 = no cache, -1 = cache indefinitely).
accessControlAllowCredentials	Boolean	Indicates whether the response can be exposed to frontend JavaScript. Must be true.
accessControlAllowMethods	String	Accepts a single method or a comma-separated list from: GET, POST, PUT, DELETE, HEAD, OPTIONS, CONNECT, TRACE.
accessControlAllowHeaders	String	HTTP headers can be used during the actual request. This header accepts any string value. E.g. "X-Customer-Token".

Status Codes, Error Codes and Error Messages

Status Code	Error Code	Error Message
400	Request.BadRequest	Bad request.
400	InvalidCustomer.IdEmpty	Customer id can be empty or invalid.
400	InvalidService.IdIncorrect	Service id is empty or invalid.
400	ServiceId.IdPermission	ServiceId can not be found or unknown.

Examples

Get CORS Headers

Request

GET /cdn/v1.0/services/228654/corsHeaders HTTP/1.1

Successful Response Body

{
    "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
    "Access-Control-Expose-Headers": "Content-Length, X-Request-Id",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    "Access-Control-Allow-Origin": "https://www.example.com",
    "Access-Control-Max-Age": 60
}