With the CORS (Cross-Origin Resource Sharing) policy, the client and the gateway can send and receive secure HTTP messages by means of headers.

For example, in the library web service, an anonymous user cannot delete a book with the DELETE method but can call the book list with the GET method, whereas a library employee can use all the methods in the web service. In such a scenario, CORS can be used to restrict HTTP methods.

Figure: CORS Policy

  • To add a CORS policy, fill in the fields in the CORS window. These fields are described below.
Table: CORS Fields

| Fields | Description |
| ------------- | :------------ |
| Name | If you want to add a global policy, the name information is entered. |
| Description | A description can be entered to make policy selections easier. |
| Request Headers | These fields are not mandatory when creating a CORS policy. |
| Origin | The origin (domain, protocol, port) information to which the Preflight request was sent. Example: http://foo.example |
| Access-Control-Request-Method | The HTTP method of the Preflight request and original request. Example: POST |
| Access-Control-Request-Headers | The HTTP headers of the Preflight request and original request. Example: X-PINGOTHER, Content-Type |
| Response Headers | The fields in this section are the permissions granted so that the client can send the actual request. |
| Access-Control-Allow-Origin | The value of the resources allowed by the gateway is entered. If you enter the * character, all origins will be allowed. |
| Access-Control-Allow-Credentials | Whether or not credentials are present in the original request is entered. Example: true |
| Access-Control-Expose-Headers | Other headers that clients can access are entered. Example: My-Custom-Header, Another-Custom-Header |
| Access-Control-Max-Age | The length of time, in seconds, that the request will remain in the browser is entered. |
| Access-Control-Allow-Methods | The methods allowed by the gateway are selected. |
| Access-Control-Allow-Headers | The header values allowed by the gateway are entered. |
| Error Message Customization | Enter the Error Code and Error Message that you want to customize for this policy. |
  • Click the Save button to save the operation.
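The preflight check that the request and response header fields in the table describe, shown as an added example (not code from this product or its documentation). The policy objects, the `evaluatePreflight` helper and the sample request are constructed for the library scenario, using the table's example values.

```javascript
// Constructed policies for the library scenario (values are illustrative).
const anonymousPolicy = {
  allowOrigins: ['http://foo.example'],          // Access-Control-Allow-Origin
  allowMethods: ['GET'],                         // Access-Control-Allow-Methods
  allowHeaders: ['X-PINGOTHER', 'Content-Type'], // Access-Control-Allow-Headers
  allowCredentials: false,                       // Access-Control-Allow-Credentials
  maxAge: 600,                                   // Access-Control-Max-Age, seconds
};
const employeePolicy = {
  ...anonymousPolicy,
  allowMethods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowCredentials: true,
};

// Hypothetical helper: returns the preflight response headers, or null when
// the request is not permitted. `req` holds lower-cased request header names.
function evaluatePreflight(policy, req) {
  const wildcard = policy.allowOrigins.includes('*');
  // Browsers refuse "*" on credentialed requests, so flag it as a policy error.
  if (wildcard && policy.allowCredentials) {
    throw new Error('"*" origin cannot be combined with credentials');
  }
  const origin = req['origin'];
  if (!origin || !(wildcard || policy.allowOrigins.includes(origin))) return null;
  const method = (req['access-control-request-method'] || '').toUpperCase();
  if (!policy.allowMethods.includes(method)) return null;
  const allowed = policy.allowHeaders.map((h) => h.toLowerCase());
  const requested = (req['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!requested.every((h) => allowed.includes(h))) return null;
  const res = {
    'Access-Control-Allow-Origin': wildcard ? '*' : origin,
    'Access-Control-Allow-Methods': policy.allowMethods.join(', '),
    'Access-Control-Allow-Headers': policy.allowHeaders.join(', '),
    'Access-Control-Max-Age': String(policy.maxAge),
  };
  if (!wildcard) res['Vary'] = 'Origin'; // reply depends on the Origin header
  if (policy.allowCredentials) res['Access-Control-Allow-Credentials'] = 'true';
  return res;
}

// Constructed preflight: DELETE from the allowed origin.
const deleteBook = {
  origin: 'http://foo.example',
  'access-control-request-method': 'DELETE',
  'access-control-request-headers': 'X-PINGOTHER, Content-Type',
};
console.log(evaluatePreflight(anonymousPolicy, deleteBook)); // null
console.log(evaluatePreflight(employeePolicy, deleteBook));
```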