CorsPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard.
Attributes
| Name | Description |
| allow_credentials |
bool
In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. Default is false. This field is a member of `oneof`_ ``_allow_credentials``. |
| allow_headers |
Sequence[str]
Specifies the content for the Access-Control-Allow-Headers header. |
| allow_methods |
Sequence[str]
Specifies the content for the Access-Control-Allow-Methods header. |
| allow_origin_regexes |
Sequence[str]
Specifies a regular expression that matches allowed origins. For more information about the regular expression syntax, see Syntax. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. |
| allow_origins |
Sequence[str]
Specifies the list of origins that is allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. |
| disabled |
bool
If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect. This field is a member of `oneof`_ ``_disabled``. |
| expose_headers |
Sequence[str]
Specifies the content for the Access-Control-Expose-Headers header. |
| max_age |
int
Specifies how long results of a preflight request can be cached in seconds. This field translates to the Access-Control-Max-Age header. This field is a member of `oneof`_ ``_max_age``. |