This object describes a configuration for handling Cross-Origin HTTP requests using the Cross Origin Resource Sharing (CORS) protocol, as defined at http://www.w3.org/TR/cors. An instance of HTTP Servlet Cross Origin Policy can be associated with zero or more HTTP Servlet Extensions to set the Cross-Origin policy for those servlets.
The following components have a direct aggregation relation to HTTP Servlet Cross Origin Policies:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| cors-allowed-methods | |
| cors-allowed-origins | |
| cors-exposed-headers | |
| cors-allowed-headers | |
| cors-preflight-max-age | |
| cors-allow-credentials |
| Description | A description for this HTTP Servlet Cross Origin Policy |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A list of HTTP methods allowed for cross-origin access to resources. i.e. one or more of GET, POST, PUT, DELETE, etc. |
| Default Value | GET |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A list of origins that are allowed to execute cross-origin requests. A value of "*" indicates that any origin is allowed to access the resource. (Use of "*" is not recommended for resources where security or privacy is a significant concern.) |
| Default Value | No origins are allowed. |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A list of HTTP headers other than the simple response headers that browsers are allowed to access. These headers will be returned in the 'Access-Control-Expose-Headers' header of a response to a simple cross-origin request. The definition of a 'simple' response header can be found at http://www.w3.org/TR/cors. |
| Default Value | No non-simple headers are exposed. |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A list of HTTP headers that are supported by the resource and can be specified in a cross-origin request. These headers will be returned in the 'Access-Control-Allow-Headers' header of a pre-flight response. |
| Default Value | Origin Accept X-Requested-With Content-Type Access-Control-Request-Method Access-Control-Request-Headers Authorization |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The maximum amount of time that a preflight request can be cached by a client. |
| Default Value | 30 minutes |
| Allowed Values | A duration. Lower limit is 0 seconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the servlet extension allows CORS requests with username/password credentials. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured HTTP Servlet Cross Origin Policies:
dsconfig list-http-servlet-cross-origin-policies
[--property {propertyName}] ...
To view the configuration for an existing HTTP Servlet Cross Origin Policy:
dsconfig get-http-servlet-cross-origin-policy-prop
--policy-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing HTTP Servlet Cross Origin Policy:
dsconfig set-http-servlet-cross-origin-policy-prop
--policy-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new HTTP Servlet Cross Origin Policy:
dsconfig create-http-servlet-cross-origin-policy
--policy-name {name}
[--set {propertyName}:{propertyValue}] ...
To delete an existing HTTP Servlet Cross Origin Policy:
dsconfig delete-http-servlet-cross-origin-policy
--policy-name {name}