CorsPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)The Specification for allowing client side cross-origin requests.
Attributes | |
|---|---|
| Name | Description |
allow_origins |
MutableSequence[str]
Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes. |
allow_origin_regexes |
MutableSequence[str]
Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax. |
allow_methods |
MutableSequence[str]
Specifies the content for Access-Control-Allow-Methods header. |
allow_headers |
MutableSequence[str]
Specifies the content for Access-Control-Allow-Headers header. |
expose_headers |
MutableSequence[str]
Specifies the content for Access-Control-Expose-Headers header. |
max_age |
str
Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. |
allow_credentials |
bool
In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false. |
disabled |
bool
If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. |