HTTP Servlet Cross Origin Policy

This object describes a configuration for handling Cross-Origin HTTP requests using the Cross Origin Resource Sharing (CORS) protocol, as defined at http://www.w3.org/TR/cors. An instance of HTTP Servlet Cross Origin Policy can be associated with zero or more HTTP Servlet Extensions to set the Cross-Origin policy for those servlets.

Relations to This Component Properties dsconfig Usage

Relations to This Component

The following components have a direct aggregation relation to HTTP Servlet Cross Origin Policies:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 cors-allowed-methods
 cors-allowed-origins
 cors-exposed-headers
 cors-allowed-headers
 cors-preflight-max-age
 cors-allow-credentials

Basic Properties

description

Description
A description for this HTTP Servlet Cross Origin Policy
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

cors-allowed-methods

Description
A list of HTTP methods allowed for cross-origin access to resources. i.e. one or more of GET, POST, PUT, DELETE, etc.
Default Value
GET
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

cors-allowed-origins

Description
A list of origins that are allowed to execute cross-origin requests. A value of "*" indicates that any origin is allowed to access the resource. (Use of "*" is not recommended for resources where security or privacy is a significant concern.)
Default Value
No origins are allowed.
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

cors-exposed-headers

Description
A list of HTTP headers other than the simple response headers that browsers are allowed to access. These headers will be returned in the 'Access-Control-Expose-Headers' header of a response to a simple cross-origin request. The definition of a 'simple' response header can be found at http://www.w3.org/TR/cors.
Default Value
No non-simple headers are exposed.
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

cors-allowed-headers

Description
A list of HTTP headers that are supported by the resource and can be specified in a cross-origin request. These headers will be returned in the 'Access-Control-Allow-Headers' header of a pre-flight response.
Default Value
Origin
Accept
X-Requested-With
Content-Type
Access-Control-Request-Method
Access-Control-Request-Headers
Authorization
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

cors-preflight-max-age

Description
The maximum amount of time that a preflight request can be cached by a client.
Default Value
30 minutes
Allowed Values
A duration. Lower limit is 0 seconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

cors-allow-credentials

Description
Indicates whether the servlet extension allows CORS requests with username/password credentials.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured HTTP Servlet Cross Origin Policies:

dsconfig list-http-servlet-cross-origin-policies
     [--property {propertyName}] ...

To view the configuration for an existing HTTP Servlet Cross Origin Policy:

dsconfig get-http-servlet-cross-origin-policy-prop
     --policy-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing HTTP Servlet Cross Origin Policy:

dsconfig set-http-servlet-cross-origin-policy-prop
     --policy-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new HTTP Servlet Cross Origin Policy:

dsconfig create-http-servlet-cross-origin-policy
     --policy-name {name}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing HTTP Servlet Cross Origin Policy:

dsconfig delete-http-servlet-cross-origin-policy
     --policy-name {name}