Within the Security section of the General configuration page, you can specify Cross-origin resource sharing (CORS) response headers for BlueCat Gateway.
CORS is an HTTP header-based standard that lets a server indicate origins other than its own from which a browser should allow loading of resources. The origin of any web content is defined by the scheme (protocol), host (domain), and port of the URL used to access it. CORS relies on a preflight mechanism, where browsers make preflight requests to servers hosting cross-origin resources to make sure that the server will permit the actual request. This lets CORS support cross-origin requests and data transfers between browsers and servers.
For more information on Cross-origin resource sharing (CORS), refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
To configure the Cross-origin resource sharing response headers for BlueCat Gateway:
- Open the General configuration window, then expand the Security section. (Click Settings at the bottom of the navigator on the left, expand Configurations, then click General configuration. Click Security to scroll to the Security section.)
- Scroll down to the Cross-origin resource sharing section, then fill in the settings as needed. For more details, see Cross-origin resource sharing (CORS) settings list below.
- When you're done, click Save changes.
Note: You must restart the BlueCat Gateway container for changes to Cross-origin resource sharing (CORS) headers to take effect.
To cancel your changes, click Cancel instead.
Cross-origin resource sharing (CORS) settings list
The Interface section has the following settings.
| Setting | Description |
|---|---|
| Allow origin | Specifies the domain or domains from which cross-site access to the site's resources should be allowed. To specify multiple domains, use a comma-separated list. No other domain will be able to access the resource in a cross-site manner. By default, Allow Origin is set to the wildcard character |
| Allow methods | A comma-separated list of allowed methods with which the resource can be queried. By default, Allow Methods is set to the following: |
| Allow headers | A comma-separated list of permitted headers to use with the request. By default, the value is set to the |
| Expose headers | A comma-separated list of permitted response headers to be made available to scripts running in the browser. The value of this field is used for the By default, only CORS-safelisted response headers are exposed. To allow clients to access other headers, add those headers to this field. For a list of CORS-safelisted headers, see CORS-safelisted response header on the Mozilla website. |
| Max age | The maximum amount of time (in seconds) that the response to the preflight request can be cached without sending another preflight request. |
| Send wildcard for origin | If ticked, a wildcard ( By default, Send wildcard for origin is cleared. |
| Allow credentials | If ticked, the response to the request will be exposed when the credentials flag is true. Doing so enables the By default, Allow credentials is cleared. |
| Send vary header | If ticked, Gateway sends This is typically used when the server specifies a single dynamic origin instead of the By default, Send vary header is ticked. |
| Always send CORS headers | If ticked, Gateway always requests CORS, meaning that the request includes an By default, Always send CORS headers is ticked. |
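
After saving the settings and restarting the container, you can check the headers that are actually returned against the values you configured. The following Python code is an added example, not BlueCat code: it audits one set of response headers for the wildcard-origin, credentials, Vary and max-age combinations that the settings above control. The standard CORS header names are used; the trusted origin, the sample header sets and the 86400-second max-age limit are assumptions.

```python
import urllib.request

def fetch_preflight_headers(url, origin, method="GET"):
    """Send a CORS preflight (OPTIONS) request and return the response headers."""
    req = urllib.request.Request(url, method="OPTIONS", headers={
        "Origin": origin,
        "Access-Control-Request-Method": method,
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())

def audit_cors(headers, trusted_origins, max_age_limit=86400):
    """Return findings for one response's CORS headers (empty list = nothing flagged)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return ["no Access-Control-Allow-Origin header in the response"]
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    findings = []
    if acao == "*":
        findings.append("wildcard origin: any site can read non-credentialed responses")
        if creds:
            findings.append("wildcard origin with credentials: browsers reject "
                            "credentialed requests answered this way")
    else:
        if acao not in trusted_origins:
            how = "with" if creds else "without"
            findings.append(f"origin {acao} is allowed {how} credentials but is not trusted")
        if "origin" not in vary:
            findings.append("specific origin without 'Vary: Origin': caches may reuse "
                            "the response for other origins")
    max_age = h.get("access-control-max-age", "")
    if max_age.isdigit() and int(max_age) > max_age_limit:  # limit is an assumption
        findings.append(f"preflight result cacheable for {max_age}s")
    return findings

# Constructed sample header sets, not captured from a real Gateway instance.
TRUSTED = {"https://portal.example.com"}
SAMPLE_WILDCARD = {"Access-Control-Allow-Origin": "*"}
SAMPLE_NO_VARY = {"Access-Control-Allow-Origin": "https://portal.example.com",
                  "Access-Control-Allow-Credentials": "true"}
SAMPLE_OK = dict(SAMPLE_NO_VARY, Vary="Origin, Accept-Encoding")

if __name__ == "__main__":
    for name, sample in [("wildcard", SAMPLE_WILDCARD), ("no vary", SAMPLE_NO_VARY),
                         ("ok", SAMPLE_OK)]:
        print(name, audit_cors(sample, TRUSTED))
```

To audit a live instance, pass the result of `fetch_preflight_headers()` for your own Gateway URL and a trusted origin to `audit_cors()`.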