Customer SupportGet Expert Help
Skip to main content

CORS Header

Cross-Origin Resource Sharing (CORS) allows web applications to request resources from different domains while enforcing security restrictions. MaxiSafe provides configurable CORS headers to manage cross-origin requests efficiently.

Adding a CORS Header

  1. Select a Header Key
    • Users can choose from the following header keys in the drop-down list:
      • Access-Control-Allow-Origin
      • Access-Control-Expose-Headers
      • Access-Control-Max-Age
      • Access-Control-Allow-Credentials
      • Access-Control-Allow-Methods
      • Access-Control-Allow-Headers

  2. Enter the Header Value
    • After selecting the header key, enter the corresponding value based on the requirements:
    • Access-Control-Allow-Origin
      • Defines the allowed origin(s) for cross-origin requests.
      • Cannot be null. To disable sharing, remove this header.
      • Example: https://example.com
    • Access-Control-Expose-Headers
      • Specifies which response headers can be exposed to the client.
      • Accepts a comma-separated list of headers.
      • Example: X-Custom-Header, Authorization
    • Access-Control-Max-Age
      • Specifies how long (in seconds) the results of a preflight request can be cached.
      • Accepts a non-negative integer or -1.
      • Example: 3600
    • Access-Control-Allow-Credentials
      • Determines if credentials (cookies, authentication) can be included in cross-origin requests.
      • The value must be true.
      • Example: true
    • Access-Control-Allow-Methods
      • Specifies the allowed HTTP methods in cross-origin requests.
      • Accepts a single method or a comma-separated list.
      • Example: GET, POST, PUT, DELETE, OPTIONS
    • Access-Control-Allow-Headers
      • Defines which HTTP headers can be used in the request.
      • Accepts any string value representing header names.
      • Example: Content-Type, Authorization

  3. Save the Configuration
    • Once all necessary CORS headers are added, save the configuration to apply the changes.

By configuring CORS headers, users can control cross-origin access, enhance security, and ensure seamless interaction between web applications and APIs.