Within the Security section of General configuration settings, you can specify Cross-Origin Resource Sharing (CORS) response headers for BlueCat Gateway.
CORS is an HTTP header-based standard that lets a server indicate origins other than its own from which a browser should allow loading of resources. The origin of any web content is defined by the scheme (protocol), host (domain), and port of the URL used to access it. CORS relies on a preflight mechanism, where browsers make preflight requests to servers hosting cross-origin resources to make sure that the server will permit the actual request. This lets CORS support cross-origin requests and data transfers between browsers and servers.
For more information on Cross-Origin Resource Sharing (CORS), refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
To configure the Cross-Origin Resource Sharing response headers for BlueCat Gateway:
- Open the General configuration window, then expand the Security section. (Click the Navigator button if necessary, then click . Click Security at the bottom to expand the Security settings.)
- Scroll down to the Cross-origin resource sharing section, then fill in the following CORS response header options.
  For more details, see Cross-origin resource sharing (CORS) settings list below.
- When you're done, click Save.
Note: You must restart the BlueCat Gateway container for changes to Cross-Origin Resource Sharing (CORS) headers to take effect.
To cancel your changes, click Cancel instead.
Cross-origin resource sharing (CORS) settings list
The Interface section has the following settings.
Setting | Description |
---|---|
Allow Origin | Specifies the domain or domains from which cross-site access to the site's resources should be allowed. To specify multiple domains, use a comma-separated list. No other domain will be able to access the resource in a cross-site manner. By default, Allow Origin is set to the wildcard character |
Allow Methods | A comma-separated list of allowed methods with which the resource can be queried. By default, Allow Methods is set to the following: |
Allow Headers | A comma-separated list of permitted headers to use with the request. By default, the value is set to the |
Expose Headers | A comma-separated list of permitted response headers to be made available to scripts running in the browser. The value of this field is used for the By default, only CORS-safelisted response headers are exposed. To allow clients to access other headers, add those headers to this field. For a list of CORS-safelisted headers, see CORS-safelisted response header on the Mozilla website. |
Max Age (seconds) | The maximum amount of time (in seconds) that the response to the preflight request can be cached without sending another preflight request. |
Send Wildcard for Origin | If selected, a wildcard ( |
Allow Credentials | If selected, the response to the request will be exposed when the credentials flag is true. Doing so enables the |
Send Vary Header | If selected, Gateway sends This is typically used when the server specifies a single dynamic origin instead of the |
Always send CORS header | If selected, Gateway always requests CORS, meaning that the request includes an |
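
After saving the settings above and restarting the container, the resulting response headers can be checked against the origins you intended to allow. The following is an added example, not BlueCat code: it uses the standard CORS header names rather than values from the settings table, and `audit_cors`, `TRUSTED`, the finding labels and the sample origins are assumptions made for illustration.

```python
# Added example: audit one response's CORS headers against an origin allowlist.
ACAO = "Access-Control-Allow-Origin"
ACAC = "Access-Control-Allow-Credentials"

def audit_cors(request_origin, response_headers, trusted_origins):
    """Return findings for the response to a request sent with `request_origin`."""
    # Header names are case-insensitive, so normalise them before lookup.
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    allow_origin = h.get(ACAO.lower())
    with_creds = h.get(ACAC.lower()) == "true"  # the value is case-sensitive
    vary = {t.strip().lower() for t in h.get("vary", "").split(",")}
    findings = []
    if allow_origin is None:
        return findings  # no cross-origin grant in this response
    if allow_origin == "*":
        findings.append("wildcard-origin")
        if with_creds:
            # Browsers will not expose a credentialed response when the origin is '*'.
            findings.append("wildcard-with-credentials")
        return findings
    if allow_origin not in trusted_origins:
        findings.append("untrusted-origin-allowed")
        if with_creds:
            findings.append("untrusted-origin-with-credentials")
    if allow_origin == request_origin and "origin" not in vary:
        # An echoed origin without 'Vary: Origin' can be replayed by a shared cache.
        findings.append("missing-vary-origin")
    return findings

# Constructed sample data (not captured from a real Gateway instance).
TRUSTED = {"https://portal.example.com"}
SAMPLES = [
    ("https://portal.example.com", {ACAO: "*"}),
    ("https://other.example.net", {ACAO: "*", ACAC: "true"}),
    ("https://other.example.net",
     {ACAO: "https://other.example.net", ACAC: "true", "Vary": "Origin"}),
    ("https://portal.example.com",
     {ACAO: "https://portal.example.com", "Vary": "Accept-Encoding"}),
    ("https://portal.example.com",
     {ACAO: "https://portal.example.com", "vary": "Accept-Encoding, Origin"}),
]

if __name__ == "__main__":
    for origin, headers in SAMPLES:
        print(origin, audit_cors(origin, headers, TRUSTED) or "ok")
```

Feed it the headers returned for a request that carries an `Origin` header, once for an origin you expect to be allowed and once for one you do not.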