Index: webapps/docs/config/filter.xml =================================================================== --- webapps/docs/config/filter.xml (revision 1489621) +++ webapps/docs/config/filter.xml (working copy) @@ -112,51 +112,51 @@
The minimal configuration required to use this filter is:
The filter class name for the CORS Filter is
- org.apache.catalina.filters.CORSFilter
.
org.apache.catalina.filters.CorsFilter
.
The CORS Filter supports following initialisation parameters:
A list of origins
- that are allowed to access the resource. A '*'
can be
+ that are allowed to access the resource. A *
can be
specified to enable access to resource from any origin. Otherwise, a
- whitelist of comma separated origins can be provided. Eg:
- http://www.w3.org, https://www.apache.org.
+ whitelist of comma separated origins can be provided. Eg:
+ http://www.w3.org, https://www.apache.org
.
Defaults: *
(Any origin is allowed to
access the resource).
A comma separated list of HTTP methods that can be used to access the
resource, using cross-origin requests. These are the methods which will
- also be included as part of 'Access-Control-Allow-Methods' header in a
- pre-flight response. Eg: GET,POST
.
- Defaults: GET,POST,HEAD,OPTIONS
Access-Control-Allow-Methods
+ header in pre-flight response. Eg: GET, POST
.
+ Defaults: GET, POST, HEAD, OPTIONS
A comma separated list of request headers that can be used when
- making an actual request. These header will also be returned as part of
- 'Access-Control-Allow-Headers'
header in a pre-flight
+ making an actual request. These headers will also be returned as part
+ of Access-Control-Allow-Headers
header in a pre-flight
response. Eg: Origin,Accept
. Defaults:
Origin, Accept, X-Requested-With, Content-Type,
Access-Control-Request-Method, Access-Control-Request-Headers
A comma separated list of headers other than the simple response - headers that browsers are allowed to access. These are the headers which - will also be included as part of 'Access-Control-Expose-Headers' header - in the pre-flight response. Eg: +
A comma separated list of headers other than simple response headers
+ that browsers are allowed to access. These are the headers which will
+ also be included as part of Access-Control-Expose-Headers
+ header in the pre-flight response. Eg:
X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG
.
Default: None. Non-simple headers are not exposed by
default.
The amount of seconds, browser is allowed to cache the result of the
pre-flight request. This will be included as part of
- 'Access-Control-Max-Age'
header in the pre-flight response.
+ Access-Control-Max-Age
header in the pre-flight response.
A negative value will prevent CORS Filter from adding this response
- header from pre-flight response. Defaults:
+ header to pre-flight response. Defaults:
1800
A flag that indicates whether the resource supports user credentials.
This flag is exposed as part of
- 'Access-Control-Allow-Credentials'
header in a pre-flight
+ Access-Control-Allow-Credentials
header in a pre-flight
response. It helps browser determine whether or not an actual request
can be made using credentials. Defaults:
true
CORS Filter adds information about a request, in the HttpServletRequest +
CORS Filter adds information about the request, in HttpServletRequest
object, for consumption downstream. Following attributes are set, if
cors.request.decorate
initialisation parameter is
true
:
Access-Control-Request-Headers
header, for a pre-flight
+ request.
+