Skip to content

CORS

This page will show you the options to configure CORS (Cross-Origin Resource Sharing) response headers for your site. Refer this MDN link for more details.

It is a mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.

Note: For demo purpose, we will be using www.nviztest.com domain as an example.

Prerequisite

  1. You must have a domain configured on Nitrogen.

Steps

  1. Click on Security menu, and open CORS tab.

  2. You will be taken to screen to provide details.

    1. Access Control Allow Origin: It indicates whether the response can be shared with requesting code from the given origin.
      Enter the desired domain name. e.g. https://www.nviztest.com
      Note:

      • Only one domain name is permitted.
      • Refer this MDN link for more details

    2. Access Control Allow Methods: It specifies one or more methods allowed when accessing a resource in response to a preflight request.
      Enter the desired method names separated by comma. e.g. GET, POST, OPTIONS etc.
      Note: Refer this MDN link for more details

    3. Access Control Allow Headers: It is used in response to a preflight request to indicate which HTTP headers can be used during the actual request.
      Enter the desired header names OR enter * to allow all.
      Note: Refer this MDN link for more details

    4. Access Control Max Age: It indicates how long the results of a preflight request can be cached.
      Enter the desired number of seconds. e.g. 60
      Note: Refer this MDN link for more details

    5. Access Control Allow Credentials: It tells browsers whether to expose the response to the frontend JavaScript code when the request's credentials mode (Request.credentials) is include.
      Enter the desired value. e.g. true
      Note: Refer this MDN link for more details

    6. Access Control Expose Headers: It allows a server to indicate which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
      Enter the desired header names e.g. Content-Encoding, Content-length OR enter * to allow all.
      Note: Refer this MDN link for more details

    Step

  3. Click on Save button.


Notes

These changes will only take effect when deployed. Saving them will only be saving them in draft. Please refer documentation about Deploy process for it.