-
Notifications
You must be signed in to change notification settings - Fork 895
config properties server properties admin properties cors
v1.1.0
object (cors)
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| allow_origins | array |
Optional | cannot be null | Config |
| unsafe_wildcard_origin_allowed | boolean |
Optional | cannot be null | Config |
allow_origins determines the value of the Access-Control-Allow-Origin
response header. This header defines a list of origins
that may access the resource.
The wildcard characters * and ? are supported and are converted to regex fragments .* and . accordingly.
allow_origins
-
is optional
-
cannot be null
string[]
The default value is:
[
"http://localhost:8888"
]unsafe_wildcard_origin_allowed allows a wildcard * origin to be used with AllowCredentials
flag. In that case we consider any origin allowed and send it back to the client in an Access-Control-Allow-Origin header.
This is INSECURE and potentially leads to cross-origin attacks. See also https://github.com/labstack/echo/issues/2400 for discussion on the subject.
Optional. Default value is false.
unsafe_wildcard_origin_allowed
-
is optional
-
cannot be null
boolean (unsafe_wildcard_origin_allowed)