CORS Header
Cross-Origin Resource Sharing (CORS) allows web applications to request resources from different domains while enforcing security restrictions. vMaxGuard provides configurable CORS headers to manage cross-origin requests efficiently.
Adding a CORS Header
Select a Header Key
Users can choose from the following header keys in the drop-down list:
- Access-Control-Allow-Origin
- Access-Control-Expose-Headers
- Access-Control-Max-Age
- Access-Control-Allow-Credentials
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
Enter the Header Value
After selecting the header key, enter the corresponding value based on the requirements:
Access-Control-Allow-Origin
Defines the allowed origin(s) for cross-origin requests. Cannot be null. To disable sharing, remove this header.
Example: https://example.com
Access-Control-Expose-Headers
Specifies which response headers can be exposed to the client. Accepts a comma-separated list of headers.
Example: X-Custom-Header, Authorization
Access-Control-Max-Age
Specifies how long (in seconds) the results of a preflight request can be cached. Accepts a non-negative integer or -1.
Example: 3600
Access-Control-Allow-Credentials
Determines if credentials (cookies, authentication) can be included in cross-origin requests. The value must be true.
Example: true
Access-Control-Allow-Methods
Specifies the allowed HTTP methods in cross-origin requests. Accepts a single method or a comma-separated list.
Example: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers
Defines which HTTP headers can be used in the request. Accepts any string value representing header names.
Example: Content-Type, Authorization
Save the Configuration
Once all necessary CORS headers are added, save the configuration to apply the changes.
By configuring CORS headers, users can control cross-origin access, enhance security, and ensure seamless interaction between web applications and APIs.