Specify the CORS response headers for BlueCat Gateway.
- Cross-Origin Resource Sharing: The HTTP header-based mechanism that allows a server to indicate any other origins than its own from which a browser should allow loading of resources. The origin of any web content is defined by the scheme (protocol), host (domain), and port of the URL used to access it. CORS also relies on a mechanism by which browsers make a preflight request to the server hosting the cross-origin resource, to check that the server will permit the actual request. The CORS mechanism supports secure cross-origin requests and data transfer between browsers and servers.
Follow the steps below to specify the Cross-Origin Resource Sharing response headers for BlueCat Gateway:
- Log in to BlueCat Gateway.
- Select .
In the Allow Origin field, specify the domain to
restrict access to the requests only from it, meaning that no other domain other
than the specified one can access the resource in a cross-site manner. You can
also specify multiple domains using a comma-separated list. By default, the
value is set to
*wildcard, which means that any origin can access the resource.
In the Allow Methods field, specify the viable methods
to query the resource (a comma-separated list). By default, the value is set to
In the Allow Headers field, specify a comma-separated
list of the permitted headers to use with the request. By default, the value is
- In the Expose Headers field, specify a comma-separated list of the permitted headers to be exposed to the browser.
- Specify the maximum amount of time (in seconds) for how long the response to the preflight request can be cached without sending another preflight request on the Max Age (seconds) field.
- Click the Send Wildcard for Origin checkbox.
Click the Allow Credentials checkbox. The
Access-Control-Allow-Credentialsheader indicates whether or not the response to the request can be exposed when the credentials flag is true.
Click the Send Vary Header checkbox. If the server
specifies a single dynamic origin instead of `*`, then it should include
Varyresponse header. This indicates that the CORS headers are dynamic and cannot be cached.
Click the Always send CORS header checkbox to always
request CORS, meaning that the request includes an
Note: You must restart the BlueCat Gatewaycontainer for changes to the Cross-Origin Resource Sharing (CORS) configuration to take effect.Related links:
- For more information on Cross-Origin Resource Sharing (CORS), refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS