Configuring Cross-Origin Resource Sharing (CORS) - Platform - BlueCat Gateway - 20.12.1

Gateway Administration Guide

Specify the CORS response headers for BlueCat Gateway.

  • Cross-Origin Resource Sharing: An HTTP header-based mechanism that allows a server to indicate which origins, other than its own, a browser should permit to load its resources. The origin of any web content is defined by the scheme (protocol), host (domain), and port of the URL used to access it. CORS also relies on a mechanism by which browsers make a preflight request to the server hosting the cross-origin resource, to check that the server will permit the actual request. The CORS mechanism supports secure cross-origin requests and data transfer between browsers and servers.

Follow the steps below to specify the Cross-Origin Resource Sharing response headers for BlueCat Gateway:

  1. Log in to BlueCat Gateway.
  2. Select Administration > Configurations > General Configuration.
  3. Click Security.


  4. In the Allow Origin field, specify the domain that is permitted to make cross-origin requests. No domain other than the specified one can access the resource in a cross-site manner. You can also specify multiple domains using a comma-separated list. By default, the value is set to the * wildcard, which means that any origin can access the resource.
  5. In the Allow Methods field, specify a comma-separated list of the HTTP methods permitted when accessing the resource. By default, the value is set to GET,HEAD,POST,OPTIONS,PUT,PATCH,DELETE.
  6. In the Allow Headers field, specify a comma-separated list of the permitted headers to use with the request. By default, the value is set to the * wildcard.
  7. In the Expose Headers field, specify a comma-separated list of the permitted headers to be exposed to the browser.
  8. In the Max Age (seconds) field, specify the maximum amount of time (in seconds) that the response to the preflight request can be cached without sending another preflight request.
  9. Click the Send Wildcard for Origin checkbox.
  10. Click the Allow Credentials checkbox. The Access-Control-Allow-Credentials header indicates whether or not the response to the request can be exposed when the credentials flag is true.
  11. Click the Send Vary Header checkbox. If the server specifies a single dynamic origin instead of `*`, then it should include Origin in the Vary response header. This indicates that the CORS headers are dynamic and cannot be cached.
  12. Click the Always send CORS header checkbox to always request CORS, meaning that the request includes an Origin header.
  13. Click Save.
    Note: You must restart the BlueCat Gateway container for changes to the Cross-Origin Resource Sharing (CORS) configuration to take effect.
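
After the restart, the headers the server actually returns can be checked against the intended settings. The following Python function is an added example, not BlueCat code: it audits one response's CORS headers for the combinations discussed in steps 4 to 11 (wildcard origin, wildcard with credentials, several allowed origins without Vary: Origin). The allowlist, origins, and sample headers are constructed for illustration.

```python
# Added example, not BlueCat code. Origins and sample headers are constructed.
ALLOWED = {"https://portal.example.com", "https://ops.example.com"}

def audit_cors(response_headers, allowed_origins=ALLOWED):
    """Return findings for the CORS headers of one HTTP response."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return []  # no CORS grant: the browser blocks cross-origin reads
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    findings = []
    if acao == "*":
        findings.append("wildcard-origin")  # any site may read the response
        if creds:
            # Browsers reject a credentialed response that carries "*"
            findings.append("wildcard-with-credentials")
    else:
        if acao not in allowed_origins:
            findings.append("origin-not-in-allowlist")
        # With several allowed origins the header varies per request,
        # so shared caches need Vary: Origin to keep responses apart.
        if len(allowed_origins) > 1 and not vary & {"origin", "*"}:
            findings.append("dynamic-origin-without-vary")
    if h.get("access-control-allow-headers") == "*":
        findings.append("wildcard-allow-headers")
    return findings

SAMPLES = {
    "defaults": {"Access-Control-Allow-Origin": "*",
                 "Access-Control-Allow-Headers": "*"},
    "wildcard_credentials": {"Access-Control-Allow-Origin": "*",
                             "Access-Control-Allow-Credentials": "true"},
    "restricted": {"Access-Control-Allow-Origin": "https://portal.example.com",
                   "Access-Control-Allow-Credentials": "true",
                   "Vary": "Origin"},
    "missing_vary": {"access-control-allow-origin": "https://ops.example.com"},
    "unexpected_origin": {"Access-Control-Allow-Origin": "https://other.example.net",
                          "Vary": "Origin"},
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(f"{name}: {audit_cors(headers) or 'ok'}")
```

Feed it the headers captured from a preflight (OPTIONS) response and from a normal response, since the two can differ.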