Updated on 2025-08-15 GMT+08:00

CorsPluginContent

Table 1 CorsPluginContent

Parameter

Mandatory

Type

Description

allow_origin

Yes

String

Access-Control-Allow-Origin header, which specifies the origins that are allowed to access the resource. For requests that do not need to carry an identity credential, enter an asterisk (*) to allow requests from all origins.

Separate multiple domain names using commas.

allow_methods

No

String

The Access-Control-Allow-Methods header specifies the HTTP methods allowed when accessing the resource.

Use commas (,) to separate multiple methods.

allow_headers

No

String

Access-Control-Allow-Headers header, which specifies the header fields that can be carried in a request.

Use commas (,) to separate multiple header fields.

expose_headers

No

String

The Access-Control-Expose-Headers header lets a server whitelist headers that browsers are allowed to access.

Use commas (,) to separate multiple header fields.

max_age

No

Integer

Access-Control-Max-Age header, which specifies how long the results of a preflight request can be cached. Value range: 0s to 86,400s. No more preflight requests are needed within the period.

allow_credentials

No

Boolean

Access-Control-Allow-Credentials header, which specifies whether to allow the browser to read the response content.