CorsPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)
The specification for allowing client side cross-origin requests. Please see W3C Recommendation for Cross Origin Resource Sharing
Attributes
Name | Description |
allow_credentials |
bool
In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default is false. |
allow_headers |
Sequence[str]
Specifies the content for the Access-Control- llow-Headers header. |
allow_methods |
Sequence[str]
Specifies the content for the Access-Control- llow-Methods header. |
allow_origin_regexes |
Sequence[str]
Specifies the regualar expression patterns that match allowed origins. For regular expression grammar please see github.com/google/re2/wiki/Syntax An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. |
allow_origins |
Sequence[str]
Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. |
disabled |
bool
If true, specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect. |
expose_headers |
Sequence[str]
Specifies the content for the Access-Control- xpose-Headers header. |
max_age |
int
Specifies how long results of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. |