-
Notifications
You must be signed in to change notification settings - Fork 31
/
Copy pathcors.xml
32 lines (32 loc) · 3.73 KB
/
cors.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<?xml version="1.0" encoding="UTF-8" ?>
<service primary="W3C" secondary="TR" id="cors">
<title>Cross-Origin Resource Sharing (CORS)</title>
<documentation source="http://www.w3.org/TR/cors/">This document defines a mechanism to enable client-side cross-origin requests. Specifications that enable an API to make cross-origin requests to resources can use the algorithms defined by this specification. If such an API is used on http://example.org resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: http://example.org as response header), which would allow that resource to be fetched cross-origin from http://example.org.</documentation>
<http-header def="Access-Control-Allow-Origin">
<documentation source="http://www.w3.org/TR/cors/#access-control-allow-origin-response-header">The Access-Control-Allow-Origin header indicates whether a resource can be shared based by returning the value of the Origin request header, "*", or "null" in the response.</documentation>
</http-header>
<http-header def="Access-Control-Allow-Credentials">
<documentation source="http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header">The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the omit credentials flag is unset. When part of the response to a preflight request it indicates that the actual request can include user credentials.</documentation>
</http-header>
<http-header def="Access-Control-Expose-Headers">
<documentation source="http://www.w3.org/TR/cors/#access-control-expose-headers-response-header">The Access-Control-Expose-Headers header indicates which headers are safe to expose to the API of a CORS API specification.</documentation>
</http-header>
<http-header def="Access-Control-Max-Age">
<documentation source="http://www.w3.org/TR/cors/#access-control-max-age-response-header">The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached in a preflight result cache.</documentation>
</http-header>
<http-header def="Access-Control-Allow-Methods">
<documentation source="http://www.w3.org/TR/cors/#access-control-allow-methods-response-header">The Access-Control-Allow-Methods header indicates, as part of the response to a preflight request, which methods can be used during the actual request.</documentation>
</http-header>
<http-header def="Access-Control-Allow-Headers">
<documentation source="http://www.w3.org/TR/cors/#access-control-allow-headers-response-header">The Access-Control-Allow-Headers header indicates, as part of the response to a preflight request, which header field names can be used during the actual request.</documentation>
</http-header>
<http-header def="Origin">
<documentation source="http://www.w3.org/TR/cors/#origin-request-header">The Origin header indicates where the cross-origin request or preflight request originates from.</documentation>
</http-header>
<http-header def="Access-Control-Request-Method">
<documentation source="http://www.w3.org/TR/cors/#access-control-request-method-request-header">The Access-Control-Request-Method header indicates which method will be used in the actual request as part of the preflight request.</documentation>
</http-header>
<http-header def="Access-Control-Request-Headers">
<documentation source="http://www.w3.org/TR/cors/#access-control-request-headers-request-header">The Access-Control-Request-Headers header indicates which headers will be used in the actual request as part of the preflight request.</documentation>
</http-header>
</service>