This object describes a configuration for handling Cross-Origin HTTP requests using the Cross Origin Resource Sharing (CORS) protocol, as defined at http://www.w3.org/TR/cors. An instance of HTTP Servlet Cross Origin Policy can be associated with zero or more HTTP Servlet Extensions to set the Cross-Origin policy for those servlets.
The following components have a direct aggregation relation to HTTP Servlet Cross Origin Policies:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
cors-allowed-methods | |
cors-allowed-origins | |
cors-exposed-headers | |
cors-allowed-headers | |
cors-preflight-max-age | |
cors-allow-credentials |
Description | A description for this HTTP Servlet Cross Origin Policy |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | A list of HTTP methods allowed for cross-origin access to resources. i.e. one or more of GET, POST, PUT, DELETE, etc. |
Default Value | GET |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | A list of origins that are allowed to execute cross-origin requests. A value of "*" indicates that any origin is allowed to access the resource. (Use of "*" is not recommended for resources where security or privacy is a significant concern.) |
Default Value | No origins are allowed. |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | A list of HTTP headers other than the simple response headers that browsers are allowed to access. These headers will be returned in the 'Access-Control-Expose-Headers' header of a response to a simple cross-origin request. The definition of a 'simple' response header can be found at http://www.w3.org/TR/cors. |
Default Value | No non-simple headers are exposed. |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | A list of HTTP headers that are supported by the resource and can be specified in a cross-origin request. These headers will be returned in the 'Access-Control-Allow-Headers' header of a pre-flight response. |
Default Value | Origin Accept X-Requested-With Content-Type Access-Control-Request-Method Access-Control-Request-Headers Authorization |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | The maximum amount of time that a preflight request can be cached by a client. |
Default Value | 30 minutes |
Allowed Values | A duration. Lower limit is 0 seconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the servlet extension allows CORS requests with username/password credentials. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured HTTP Servlet Cross Origin Policies:
dsconfig list-http-servlet-cross-origin-policies [--property {propertyName}] ...
To view the configuration for an existing HTTP Servlet Cross Origin Policy:
dsconfig get-http-servlet-cross-origin-policy-prop --policy-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing HTTP Servlet Cross Origin Policy:
dsconfig set-http-servlet-cross-origin-policy-prop --policy-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new HTTP Servlet Cross Origin Policy:
dsconfig create-http-servlet-cross-origin-policy --policy-name {name} [--set {propertyName}:{propertyValue}] ...
To delete an existing HTTP Servlet Cross Origin Policy:
dsconfig delete-http-servlet-cross-origin-policy --policy-name {name}